Title

DFSMS resource type(s) is(are) not defined to the GSO INFODIR record in accordance with security requirements. (Cat II impact)

Discussion

DFSMS provides data, storage, program, and device management functions for the operating system. Some DFSMS storage administration functions allow a user to obtain a privileged status and effectively bypass all ACP data set and volume controls. Failure to properly protect DFSMS resources may result in unauthorized access. This exposure could compromise the availability and integrity of the operating system environment, system services, and customer data.

Check Content

GSO INFODIR Records a) Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ACFGSO) b) Review the GSO INFODIR record for the following definitions: R-RMGM R-RSTR R-RFAC R-RPGM c) If all of the resources in (b) above are in the GSO INFODIR record, there is NO FINDING. d) If any of the resources in (b) above is not in the GSO INFODIR record, this is a FINDING.

Fix Text

The IAO will ensure that r-rmgm, r-rstr, r-rfac and r-rpgm resource types are defined within the GSO INFODIR. Review the GSO INFODIR record for the following definitions: R-RMGM R-RSTR R-RFAC R-RPGM Ensure all of the resources above are in the GSO INFODIR record. Example: SET C(GSO) LIST INFODIR CHANGE INFODIR TYPES(R-RMGM R-RSTR R-RFAC R-RPGM)

Additional Identifiers

Rule ID: SV-7240r2_rule

Vulnerability ID: V-6939

Group Title: ZSMSA004

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.