Check: ZISFR038
z/OS IBM System Display and Search Facility (SDSF) for RACF STIG:
ZISFR038
(in versions v6 r10 through v6 r8)
Title
IBM System Display and Search Facility (SDSF) Resource Class will be active in the RACF. (Cat II impact)
Discussion
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
Check Content
Refer to the following report produced by the RACF Data Collection: - RACFCMDS.RPT(SETROPTS) - DSMON.RPT(RACCDT) - Alternate list of active resource classes Automated Analysis Refer to the following report produced by the RACF Data Collection: - PDI(ZISF0038) If the IBM System Display and Search Facility (SDSF) resource class(es) is (are) active, this is not a finding.
Fix Text
The ISSO will ensure that the IBM SDSF Resource Class(es) is (are) active. Use the following commands as an example: SETROPTS CLASSACT(SDSF)
Additional Identifiers
Rule ID: SV-224511r856992_rule
Vulnerability ID: V-224511
Group Title: SRG-OS-000309
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000336 |
The organization, after the information system is changed, checks the security functions to verify the functions are operating as intended. |
CCI-002358 |
The information system implements a reference monitor for organization-defined access control policies that is always invoked. |