Check: ZMVZT038
z/OS BMC MAINVIEW for z/OS for TSS STIG:
ZMVZT038
(in version v6 r8)
Title
BMC Mainview for z/OS Resource Class must be defined or active in the ACP. (Cat II impact)
Discussion
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
Check Content
Refer to the following report produced by the ACP Data Collection: - TSSCMDS.RPT(#RDT) If the BMC Mainview for z/OS Resource Class(es) is (are) defined in the Resource Definition Table (RDT) as follows, this is not a finding. RESOURCE CLASS = class RESOURCE CODE = X'hex code' ATTRIBUTE = MASK|NOMASK,MAXOWN(08),MAXPERMIT(044),ACCESS,DEFPROT ACCESS = NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000) ACCESS = WRITE(2000),ALL(FFFF) DEFACC = READ
Fix Text
The ISSO will ensure the BMC Mainview for z/OS resource class(es) is (are) defined in the TSS RDT. (Note: The RESCLASS and/or RESCODE identified below are examples of a possible installation. The actual RESCLASS and/or RESCODE values are determined when the product is actually installed on a system through the product's installation guide and can be site specific.) Use the following commands as an example: TSS ADDTO(RDT) RESCLASS(BMCVIEW) - RESCODE(3B) DEFACC(READ) - ATTR(MASK|NOMASK,DEFPROT,LONG,GENERIC) - ACLST(NONE,READ,UPDATE,ALL)
Additional Identifiers
Rule ID: SV-224613r868741_rule
Vulnerability ID: V-224613
Group Title: SRG-OS-000309
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000336 |
The organization, after the information system is changed, checks the security functions to verify the functions are operating as intended. |
CCI-002358 |
The information system implements a reference monitor for organization-defined access control policies that is always invoked. |