Check: ZISFA038
z/OS IBM System Display and Search Facility for ACF2 STIG:
ZISFA038
(in version v6 r11)
Title
IBM System Display and Search Facility (SDSF) Resource Class will be defined or active in the ACP. (Cat II impact)
Discussion
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
Check Content
Refer to the following report produced by the ACF2 Data Collection:

- ACF2CMDS.RPT(ACFGSO)

If the following GSO CLASMAP record entry(ies) is (are) defined, this is not a finding.

CLASMAP.SDSF RESOURCE(SDSF) RSRCTYPE(xxx) ENTITYLN(nn)

Note: The site determines the appropriate three-letter RSRCTYPE that is unique for the SDSF. The ENTITYLN must be appropriate for the site's installation.
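One way to automate this check against a saved copy of the ACFGSO report, as an added example that is not part of the STIG. The report layout (a `sysid / record-id` header line followed by operand lines in any order), the sample text and the function names are assumptions; the appropriateness of ENTITYLN for the site is left to the reviewer.

```python
import re

# Constructed sample; the layout of the real ACFGSO member is an assumption.
SAMPLE_ACFGSO = """\
SYSA / OTHERREC LAST CHANGED BY SECADM1 ON 01/01/24-00:00
       FIELD(VALUE)
SYSA / CLASMAP.SDSF LAST CHANGED BY SECADM1 ON 01/01/24-00:00
       ENTITYLN(39) RESOURCE(SDSF)
       RSRCTYPE(SDF)
"""

HEADER = re.compile(r"\b(CLASMAP\.\S+)", re.I)
OPERAND = re.compile(r"([A-Z][A-Z0-9-]*)\(([^)]*)\)", re.I)


def parse_clasmap(report):
    """Return {record id: {operand: value}} for every CLASMAP record."""
    records, current = {}, None
    for line in report.splitlines():
        m = HEADER.search(line)
        if m:                       # start of a CLASMAP record
            current = records.setdefault(m.group(1).upper(), {})
            line = line[m.end():]   # operands may share the header line
        elif " / " in line:         # header of some other GSO record
            current = None
        if current is not None:
            for name, value in OPERAND.findall(line):
                current[name.upper()] = value.strip().upper()
    return records


def check_zisfa038(report):
    """Return (is_finding, reasons) for the SDSF resource class mapping."""
    mapped = [ops for ops in parse_clasmap(report).values()
              if ops.get("RESOURCE") == "SDSF"]
    if not mapped:
        return True, ["no CLASMAP record maps RESOURCE(SDSF)"]
    ops, reasons = mapped[0], []
    # The check text asks for a three-character, site-chosen RSRCTYPE.
    if not re.fullmatch(r"[A-Z0-9]{3}", ops.get("RSRCTYPE", "")):
        reasons.append("RSRCTYPE missing or not three characters")
    if not ops.get("ENTITYLN", "").isdigit():
        reasons.append("ENTITYLN missing or not numeric")
    return bool(reasons), reasons
```
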
Fix Text
Use SAF security to define and protect the IBM SDSF resource class(es).

Use the following commands as an example:

CLASMAP.SDSF RESOURCE(SDSF) RSRCTYPE(SDF) ENTITYLN(39)
Additional Identifiers
Rule ID: SV-224322r868188_rule
Vulnerability ID: V-224322
Group Title: SRG-OS-000309
CCIs
Number | Definition |
---|---|
CCI-000336 | The organization, after the information system is changed, checks the security functions to verify the functions are operating as intended. |
CCI-002358 | The information system implements a reference monitor for organization-defined access control policies that is always invoked. |