Navigate

Check: ZCA1R038

z/OS CA 1 Tape Management for RACF STIG: ZCA1R038 (in versions v7 r1 through v6 r6)

Title

CA 1 Tape Management Resource Class will be defined or active in the ACP. (Cat II impact)

Discussion

Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.

Check Content

Refer to the following report produced by the RACF Data Collection: - RACFCMDS.RPT(SETROPTS) - DSMON.RPT(RACCDT) - Alternate list of active resource classes Automated Analysis Refer to the following report produced by the RACF Data Collection: - PDI(ZCA10038) If the CA 1 Tape Management resource class(es) is (are) active, this is not a finding.

Fix Text

Ensure that the following CA 1 Tape Management Resource Class(es) is (are) active. CA@CMD CA@APE Use the following commands as an example: SETROPTS CLASSACT(CA@CMD,CA@APE)

Additional Identifiers

Rule ID: SV-224457r987853_rule

Vulnerability ID: V-224457

Group Title: SRG-OS-000309

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000336	After system changes, verify that the impacted controls are operating as intended, meeting the security requirements for the system.
CCI-002358	Implement a reference monitor for organization-defined access control policies that is always invoked.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-25	Reference Monitor
CM-4(2)	Verification of Security Functions