Check: ACF0680
zOS ACF2 STIG:
ACF0680
(in versions v6 r43 through v6 r30)
Title
The LOGONIDs specified in GSO MAINT records will have the JOB and MAINT attributes specified in the associated LOGONID record. (Cat II impact)
Discussion
If there is a LOGONID intended for maintenance purposes that does not have the MAINT and JOB attributes specified, then it cannot function as intended. This could result in the inability to perform critical system maintenance tasks.
Check Content
Refer to the following reports produced by the ACF2 Data Collection:
- ACF2CMDS.RPT(ACFGSO)
- ACF2CMDS.RPT(ATTMAINT)

Automated Analysis
Refer to the following report produced by the ACF2 Data Collection Checklist:
- PDI(ACF0680)

If each logonid record associated with the LID entry in all GSO MAINT records specifies the following, this is not a finding.
___ The JOB and MAINT attributes are specified.
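The cross-check described above can be scripted. The following is an added example, not part of the STIG or of the ACF2 Data Collection tooling. The one-line-per-record layouts, the sample records and the function names are assumptions made for illustration; the real ACF2CMDS.RPT(ACFGSO) and ACF2CMDS.RPT(ATTMAINT) layouts must be parsed as produced at the site.

```python
import re

# Constructed sample input. The layout is a simplified assumption, not the
# actual format of ACF2CMDS.RPT(ACFGSO) or ACF2CMDS.RPT(ATTMAINT).
GSO_REPORT = """\
MAINT.HSM   LID(DFSMSHSM) LIBRARY(SYS1.LINKLIB) PGM(ARCCTL)
MAINT.BKUP  LID(BKUPJOB) LIBRARY(SYS2.BACKUP.LOAD) PGM(BKUPMAIN)
MAINT.TAPE  LID(TAPEMNT) LIBRARY(SYS2.TAPE.LOAD) PGM(TAPEUTIL)
MAINT.OLD   LID(OLDMAINT) LIBRARY(SYS2.OLD.LOAD) PGM(OLDUTIL)
"""
# Assumed layout: logonid followed by the attributes set on its record.
LOGONID_REPORT = """\
DFSMSHSM  JOB MAINT STC
BKUPJOB   JOB
TAPEMNT   MAINT
"""

REQUIRED = frozenset({"JOB", "MAINT"})

def gso_maint_lids(report):
    """Collect the LID value of every GSO MAINT record in the report."""
    lids = set()
    for line in report.splitlines():
        if line.strip().upper().startswith("MAINT."):
            match = re.search(r"\bLID\(([^)\s]+)\)", line, re.IGNORECASE)
            if match:
                lids.add(match.group(1).upper())
    return lids

def logonid_attributes(report):
    """Map each logonid to the set of attributes listed for it."""
    attrs = {}
    for line in report.splitlines():
        fields = line.upper().split()
        if fields:
            attrs[fields[0]] = set(fields[1:])
    return attrs

def acf0680_findings(gso_report, logonid_report):
    """Return {logonid: missing attributes}; None means no logonid record."""
    attrs = logonid_attributes(logonid_report)
    findings = {}
    for lid in sorted(gso_maint_lids(gso_report)):
        if lid not in attrs:
            findings[lid] = None  # cannot be verified: record not in report
        elif REQUIRED - attrs[lid]:
            findings[lid] = sorted(REQUIRED - attrs[lid])
    return findings

if __name__ == "__main__":
    for lid, missing in acf0680_findings(GSO_REPORT, LOGONID_REPORT).items():
        print(lid, "no logonid record" if missing is None else missing)
```

An empty result corresponds to "not a finding"; a logonid named in a GSO MAINT record but absent from the logonid report is listed separately because its attributes cannot be confirmed.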
Fix Text
The IAO will ensure that logonids assigned to production maintenance tasks have the JOB and MAINT field settings in addition to the default LID field settings.

Production maintenance tasks manage the backups and restoration of data for the Continuity of Operations Plan (COOP) and media maintenance.

Logonids assigned to production maintenance tasks will have the following field settings in addition to the default LID field settings:
JOB
MAINT

Example:
SET LID
CHANGE DFSMSHSM JOB MAINT
Additional Identifiers
Rule ID: SV-2r3_rule
Vulnerability ID: V-2
Group Title: ACF0680
CCIs
Number | Definition |
---|---|
CCI-002145 | The information system enforces organization-defined circumstances and/or usage conditions for organization-defined information system accounts. |
CCI-002883 | The information system restricts the use of maintenance tools to authorized personnel only. |