Check: ZMVZA038
z/OS BMC MAINVIEW for z/OS for ACF2 STIG:
ZMVZA038
(in version v6 r9)
Title
BMC Mainview for z/OS Resource Class will be defined or active in the ACP. (Cat II impact)
Discussion
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
Check Content
If the following GSO CLASMAP record entries are defined this is not a finding. CLASMAP.class RESOURCE(class) RSRCTYPE(type) ENTITYLN(nn) Note: The site determines the appropriate three letter RSRCTYPE that is unique for Mainview. The ENTITYLN should be appropriate for the site’s installation. If the following GSO SAFDEF record entries are defined this not a finding. INSERT SAFDEF.ssid ID(BBCS) MODE(GLOBAL)REP - RACROUTE(SUBSYS=ssid REQSTOR=-)
Fix Text
Use SAF security to define and protect the Products resouceresource class(es). Ensure that the following GSO CLASMAP record entry(ies) is (are) defined: CLASMAP.class RESOURCE(class) RSRCTYPE(type) ENTITYLN(nn) Note: The site determines the appropriate three letter RSRCTYPE that is unique for Mainview. The ENTITYLN should be appropriate for the site’s installation. Example: SET C(GSO) LIST CLASMAP.BMCVIEW INSERT CLASMAP.BMCVIEW ENTITYLN(39) RESOURCE(BMCVIEW) RSRCTYPE(BBM) F ACF2,REFRESH(CLASMAP) Ensure that the following GSO SAFDEF record entry(ies) is (are) defined: SAFDEF.ssid ID(BBCS) MODE(GLOBAL)REP RACROUTE(SUBSYS=ssid REQSTOR=-) Example: ACF SET C(GSO) LIST SAFDEF.ssid INSERT SAFDEF.ssid ID(BBCS) MODE(GLOBAL)REP RACROUTE(SUBSYS=ssid REQSTOR=-) F ACF2,REFRESH(SAFDEF)
Additional Identifiers
Rule ID: SV-224254r822582_rule
Vulnerability ID: V-224254
Group Title: SRG-OS-000309
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000336 |
The organization, after the information system is changed, checks the security functions to verify the functions are operating as intended. |
CCI-002358 |
The information system implements a reference monitor for organization-defined access control policies that is always invoked. |