z/OS IBM System Display and Search Facility for ACF2 STIG Version Comparison
z/OS IBM System Display and Search Facility for ACF2 Security Technical Implementation Guide
Comparison
There are 1 differences between versions v6 r8 (April 22, 2016) (the "left" version) and v6 r9 (April 27, 2022) (the "right" version).
Check ZISFA038 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.
The regular view of the left check and right check may be easier to read.
Text Differences
Title
IBM System Display and Search Facility (SDSF) Resource Class will be defined or active in the ACP.
Check Content
Refer to the following report produced by the ACF2 Data Collection: - Collection: - ACF2CMDS.RPT(ACFGSO) If ACF2CMDS.RPT(ACFGSO) If the following GSO CLASMAP record entry(ies) is (are) defined, this is not a finding. CLASMAP.SDSF RESOURCE(SDSF) RSRCTYPE(SDS) RSRCTYPE(xxx) ENTITYLN(nn) Note: The site determines the appropriate three-letter RSRCTYPE that is unique for the SDSF. The ENTITYLN(39) ENTITYLN must be appropriate for the site’s installation.
Discussion
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
Fix
Use The IAO will use SAF security to define and protect the IBM System Display and Search Facility (SDSF) SDSF resource class(es). Use the following commands as an example: CLASMAP.SDSF RESOURCE(SDSF) RSRCTYPE(SDS) RSRCTYPE(SDF) ENTITYLN(39)