z/OS BMC MAINVIEW for z/OS for ACF2 STIG Version Comparison
z/OS BMC MAINVIEW for z/OS for ACF2 Security Technical Implementation Guide
Comparison
There are 2 differences between versions v6 r7 (Jan. 20, 2015) (the "left" version) and v6 r9 (April 27, 2022) (the "right" version).
Check ZMVZA030 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.
The regular view of the left check and right check may be easier to read.
Text Differences
Title
BMC Mainview for z/OS Started Task name is not must be properly identified and/or defined to the system ACP.
Check Content
Refer to the following report produced by the ACF2 Data Collection: - Collection: - ACF2CMDS.RPT(ATTSTC) Insure ACF2CMDS.RPT(ATTSTC) Insure that the logonids(s) for the BMC Mainview for z/OS started task(s) includes the following: STC MUSASS NO-SMC following: STC NO-SMC
Discussion
BMC Mainview for z/OS requires a started task that will be restricted to certain resources, datasets and other system functions. By defining the started task as a userid to the system ACP, It allows the ACP to control the access and authorized users that require these capabilities. Failure to properly control these capabilities, could compromise of the operating system environment, ACP, and customer data.
Fix
The BMC Mainview for z/OS system programmer and the IAO will ensure Ensure that a product's Started Task(s) is properly identified and/or defined to the System ACP. If the product requires a Started Task, verify that it is properly defined to the System ACP with the proper attributes. Most installation manuals will indicate how the Started Task is identified and any additional attributes that must be specified. Example: SET LID INSERT MV$CAS STC MUSASS NO-SMC INSERT MV$PAS STC MUSASS NO-SMC INSERT MV$MVS STC NO-SMC