Check: ZMVZR038
z/OS BMC MAINVIEW for z/OS for RACF STIG:
ZMVZR038
(in versions v6 r8 through v6 r7)
Title
BMC Mainview for z/OS Resource Class will be defined or active in the ACP. (Cat II impact)
Discussion
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
Check Content
Refer to the following report produced by the RACF Data Collection: - RACFCMDS.RPT(SETROPTS) - DSMON.RPT(RACCDT) - Alternate list of active resource classes Automated Analysis Refer to the following report produced by the RACF Data Collection: - PDI(ZMVZ0038) Ensure that the BMC Mainview for z/OS resource class(es) is (are) defined and active.
Fix Text
The IAO will ensure that the BMC Mainview for z/OS Resource Class(es) is (are) active. Use the following commands as an example: RDEFINE CDT class - CDTINFO( MAXLENGTH(64) DEFAULTUACC(NONE) - FIRST(ALPHA) CASE(UPPER) - OTHER(ALPHA,NUMERIC,NATIONAL,SPECIAL) - POSIT(301) RACLIST(REQUIRED) - GENERIC(ALLOWED) GENLIST(ALLOWED) - OPERATIONS(YES) - ) UACC(NONE) SETROPTS CLASSACT(CDT) RACLIST(CDT) SETROPTS RACLIST(CDT) REFRESH SETROPTS GENERIC(class) GENCMD(class) SETROPTS CLASSACT(class) RACLIST(class) SETROPTS RACLIST(class) REFRESH
Additional Identifiers
Rule ID: SV-224428r855095_rule
Vulnerability ID: V-224428
Group Title: SRG-OS-000309
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000336 |
The organization, after the information system is changed, checks the security functions to verify the functions are operating as intended. |
CCI-002358 |
The information system implements a reference monitor for organization-defined access control policies that is always invoked. |