Check: ZCA1R038
z/OS CA 1 Tape Management for RACF STIG:
ZCA1R038
(in versions v6 r10 through v6 r6)
Title
CA 1 Tape Management Resource Class will be defined or active in the ACP. (Cat II impact)
Discussion
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
Check Content
Refer to the following report produced by the RACF Data Collection: - RACFCMDS.RPT(SETROPTS) - DSMON.RPT(RACCDT) - Alternate list of active resource classes Automated Analysis Refer to the following report produced by the RACF Data Collection: - PDI(ZCA10038) If the CA 1 Tape Management resource class(es) is (are) active, this is not a finding.
Fix Text
Ensure that the following CA 1 Tape Management Resource Class(es) is (are) active. CA@CMD CA@APE Use the following commands as an example: SETROPTS CLASSACT(CA@CMD,CA@APE)
Additional Identifiers
Rule ID: SV-224457r855108_rule
Vulnerability ID: V-224457
Group Title: SRG-OS-000309
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000336 |
The organization, after the information system is changed, checks the security functions to verify the functions are operating as intended. |
CCI-002358 |
The information system implements a reference monitor for organization-defined access control policies that is always invoked. |