Check: ACF0840
zOS ACF2 STIG:
ACF0840
(in versions v6 r43 through v6 r30)
Title
The number of users granted the special privilege PPGM is not justified. (Cat II impact)
Discussion
Users with this privilege may have access to powerful utilities and could intentionally or inadvertently compromise operating system integrity or destroy data on a large-scale basis. Misuse of these utilities could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or customer data.
Check Content
a) Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ATTPPGM) Automated Analysis Refer to the following report produced by the ACF2 Data Collection Checklist: - PDI(ACF0840) b) If the number of users granted the special privilege PPGM is strictly controlled and limited to systems programmer and operations personnel, there is NO FINDING. c) If the number of users granted the special privilege PPGM is not strictly controlled and limited to systems programmer and operations personnel, this is a FINDING.
Fix Text
The IAO will ensure that access to the special privilege PPGM is kept to a minimum and limited to systems programmer and operations personnel Review all LOGONIDs with the PPGM attribute.
Additional Identifiers
Rule ID: SV-180r2_rule
Vulnerability ID: V-180
Group Title: ACF0840
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000213 |
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
Controls
| Number | Title |
|---|---|
| AC-3 |
Access Enforcement |