Check: ZMVZA038
z/OS BMC MAINVIEW for z/OS for ACF2 STIG:
ZMVZA038
(in versions v6 r8 through v6 r7)
Title
BMC Mainview for z/OS Resource Class will be defined or active in the ACP. (Cat II impact)
Discussion
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
Check Content
Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ACFGSO) Ensure that the following GSO CLASMAP record entries are defined: CLASMAP.class RESOURCE(class) RSRCTYPE(type) ENTITYLN(39) Ensure that the following GSO SAFDEF record entries are defined: INSERT SAFDEF.ssid ID(BBCS) MODE(GLOBAL)REP - RACROUTE(SUBSYS=ssid REQSTOR=-)
Fix Text
The IAO will use SAF security to define and protect the Products resouce class(es). Ensure that the following GSO CLASMAP record entry(ies) is (are) defined: CLASMAP.class RESOURCE(class) RSRCTYPE(type) ENTITYLN(39) Example: SET C(GSO) LIST CLASMAP.BMCVIEW INSERT CLASMAP.BMCVIEW ENTITYLN(39) RESOURCE(BMCVIEW) RSRCTYPE(BBM) F ACF2,REFRESH(CLASMAP) Ensure that the following GSO SAFDEF record entry(ies) is (are) defined: SAFDEF.ssid ID(BBCS) MODE(GLOBAL)REP RACROUTE(SUBSYS=ssid REQSTOR=-) Example: ACF SET C(GSO) LIST SAFDEF.ssid INSERT SAFDEF.ssid ID(BBCS) MODE(GLOBAL)REP RACROUTE(SUBSYS=ssid REQSTOR=-) F ACF2,REFRESH(SAFDEF)
Additional Identifiers
Rule ID: SV-33844r1_rule
Vulnerability ID: V-18011
Group Title: ZB000038
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000336 |
The organization, after the information system is changed, checks the security functions to verify the functions are operating as intended. |
CCI-002358 |
The information system implements a reference monitor for organization-defined access control policies that is always invoked. |