An error occurred:

Check: ZUSSA060

zOS ACF2 STIG: ZUSSA060 (in versions v6 r43 through v6 r30)

Title

The CLASSMAP DEFINITIONS list does not include entires for the FACILITY, SURROGAT, and UNIXPRIV resource classes in accordance with security requirements. (Cat II impact)

Discussion

Parameter settings in the ACP impact the security level of z/OS UNIX.

Check Content

a) Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ACFGSO) Automated Analysis Refer to the following report produced by the ACF2 Data Collection: - PDI(ZUSSA060) b) If the CLASMAP DEFINITIONS list includes entries for the FACILITY, SURROGAT, and UNIXPRIV resource classes, there is NO FINDING. NOTE: The TYPE CODE values should be FAC, SUR, and UNI. c) If (b) is untrue, this is a FINDING.

Fix Text

The IAO will ensure that the CLASMAP DEFINITIONS list includes entries for the FACILITY, SURROGAT, and UNIXPRIV resource classes. Ensure the CLASMAP DEFINITIONS list includes entries for the FACILITY, SURROGAT, and UNIXPRIV resource classes. . NOTE: The TYPE CODE values should be FAC, SUR, and UNI. Example: TSO ACF SHOW CLASMAP

Additional Identifiers

Rule ID: SV-7298r2_rule

Vulnerability ID: V-6995

Group Title: ZUSSA060

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000213

The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3

Access Enforcement