Check: ACF0710
zOS ACF2 STIG: ACF0710 (in versions v6 r43 through v6 r30)
Title
The REFRESH attribute must be restricted. (Cat III impact)
Discussion
Unauthorized users may be able to effect changes to ACP system options. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or customer data.
Check Content
Refer to the following report produced by the ACF2 Data Collection:
- ACF2CMDS.RPT(ATTREFSH)

Automated Analysis
Refer to the following report produced by the ACF2 Data Collection:
- PDI(ACF0710)

Ensure the logonid with the REFRESH attribute is assigned to an IAO.
Fix Text
The IAO will ensure Logonids with the refresh privilege are only available to IAOs and/or IAMs.

Ensure the logonid with the REFRESH attribute is assigned to an IAO.

Example:
SET LID
CHANGE logonid REFRESH
Additional Identifiers
Rule ID: SV-23r2_rule
Vulnerability ID: V-23
Group Title: ACF0710
CCIs
Number | Definition |
---|---|
CCI-002145 | The information system enforces organization-defined circumstances and/or usage conditions for organization-defined information system accounts. |
CCI-002277 | The information system provides authorized individuals (or processes acting on behalf of individuals) the capability to define the value of associated security attributes. |