Check: ZCA1R038
z/OS CA 1 Tape Management for RACF STIG:
ZCA1R038
(in versions v6 r9 through v6 r6)
Title
CA 1 Tape Management Resource Class will be defined or active in the ACP. (Cat II impact)
Discussion
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
Check Content
Refer to the following report produced by the RACF Data Collection: - RACFCMDS.RPT(SETROPTS) - DSMON.RPT(RACCDT) - Alternate list of active resource classes Automated Analysis Refer to the following report produced by the RACF Data Collection: - PDI(ZCA10038) If the CA 1 Tape Management resource class(es) is (are) active, this is not a finding.
Fix Text
Ensure that the following CA 1 Tape Management Resource Class(es) is (are) active. [email protected] [email protected] Use the following commands as an example: SETROPTS CLASSACT([email protected],[email protected])
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000336 |
The organization, after the information system is changed, checks the security functions to verify the functions are operating as intended. |
CCI-002358 |
The information system implements a reference monitor for organization-defined access control policies that is always invoked. |