Title

The System datasets used to support the VTAM network are not properly secured. (Cat II impact)

Discussion

VTAM options and definitions are used to define VTAM operational capabilities. They must be strictly controlled. Unauthorized users could override or change start options or network definitions. Failure to properly control VTAM resources could potentially compromise the network operations.

Check Content

a) Create a list of data set names containing all VTAM start options, configuration lists, network resource definitions, commands, procedures, exit routines, all SMP/E TLIBs, and all SMP/E DLIBs used for installation and in development/production VTAM environments. Refer to the following report produced by the Data Set and Resource Data Collection: - SENSITVE.RPT(VTAMRPT) Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(ZVTM0018) b) Ensure that ACF2 data set rules for all VTAM system data sets restrict access to only network systems programming staff. These data sets include libraries containing VTAM load modules and exit routines, and VTAM start options and definition statements. c) If (b) above is true, there is NO FINDING. d) If (b) above is untrue, this is a FINDING.

Fix Text

The IOA will ensure that ACF2 data set rules for all VTAM system data sets restrict access to only network systems programming staff. Ensure that ACF2 data set rules for all VTAM system data sets restrict access to only network systems programming staff. These data sets include libraries containing VTAM load modules and exit routines, and VTAM start options and definition statements. Example: $KEY(SYS1) VTAM-.- UID(syspaudt) R(A) W(L) A(L) E(A) $KEY(S3V) $PREFIX(SYS3) VTAM-.- UID(syspaudt) R(A) W(L) A(L) E(A)

Additional Identifiers

Rule ID: SV-7257r2_rule

Vulnerability ID: V-6956

Group Title: ZVTM0018

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.