Title

CA Common Services Started Task name will be properly identified and/or defined to the system ACP. (Cat II impact)

Discussion

CA Common Services requires a started task that will be restricted to certain resources, data sets, and other system functions. Defining the started task as a userid to the system ACP allows the ACP to control the access and authorized users that require these capabilities. Failure to properly control these capabilities could compromise the operating system environment, ACP, and customer data.

Check Content

Refer to the following report produced by the RACF Data Collection: - RACFCMDS.RPT(LISTUSER). Verify that the userid(s) for the CA Common Services started task(s) is (are) properly defined. If the following attributes are defined, this is not a finding. PROTECTED

Fix Text

The ISSO working with the systems programmer will ensure the CA Common Services Started Task(s) is properly identified and/or defined to the System ACP. If the product requires a Started Task, verify that it is properly defined to the System ACP with the proper attributes. Most installation manuals will indicate how a Started Task is identified and any additional attributes that must be specified. The following commands are provided as a sample for defining Started Task(s): au CAS9 name('STC, CAS9') owner(stc) dfltgrp(stc) nopass - data('CCS stc')

Additional Identifiers

Rule ID: SV-224434r1144693_rule

Vulnerability ID: V-224434

Group Title: SRG-OS-000104

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.