Title

TRACE attribute has been found assigned to ACIDs. (Cat II impact)

Discussion

The TRACE attribute allows ACIDs to diagnose the security trace information. This information goes to the SYSLOG dataset. This could give an ACID the ability to access system control information.

Check Content

Refer to the following report produced by the TSS Data Collection: - TSSPRIV.RPT Automated Analysis Refer to the following report produced by the TSS Data Collection: - PDI(TSS0970) Review ACIDs having the TRACE attribute. TRACE should not be assigned. Note: The IAO will ensure that the trace attribute is only used for trouble shooting purposes.

Fix Text

Review all ACIDs with the TRACE attribute. Evaluate the impact of correcting the deficiency. Develop a plan of action and remove the TRACE attribute. Example: TSS REMOVE(acid) TRACE.

Additional Identifiers

Rule ID: SV-244r2_rule

Vulnerability ID: V-244

Group Title: TSS0970

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.