An error occurred:

Check: ZVTM0018

zOS TSS STIG: ZVTM0018 (in versions v6 r43 through v6 r30)

Title

The System datasets used to support the VTAM network are improperly secured. (Cat II impact)

Discussion

VTAM options and definitions are used to define VTAM operational capabilities. They must be strictly controlled. Unauthorized users could override or change start options or network definitions. Failure to properly control VTAM resources could potentially compromise the network operations.

Check Content

a) Create a list of data set names containing all VTAM start options, configuration lists, network resource definitions, commands, procedures, exit routines, all SMP/E TLIBs, and all SMP/E DLIBs used for installation and in development/production VTAM environments. Refer to the following report produced by the Data Set and Resource Data Collection: - SENSITVE.RPT(VTAMRPT) Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(ZVTM0018) b) Ensure that TSS data set rules for all VTAM system data sets restrict access to only network systems programming staff. These data sets include libraries containing VTAM load modules and exit routines, and VTAM start options and definition statements. c) If (b) above is true, there is NO FINDING. d) If (b) above is untrue, this is a FINDING.

Fix Text

Ensure that TSS data set rules for all VTAM system data sets restrict access to only network systems programming staff. These data sets include libraries containing VTAM load modules and exit routines, and VTAM start options and definition statements. The following sample TSS commands show proper permissions for VTAM datasets (replace "profile" with the profile name of the network systems programming staff authorities) : TSS PERMIT(profile) DSN(SYS1.VTAM.) ACC(ALL) TSS PERMIT(profile) DSN('SYS1.VTAMLIB.) ACC(ALL) TSS PERMIT(profile) DSN(SYS1.VTAM.SISTCLIB.) ACC(ALL) TSS PERMIT(profile) DSN(SYS3.VTAM.) ACC(ALL) TSS PERMIT(profile) DSN(SYS3.VTAMLIB.) ACC(ALL)

Additional Identifiers

Rule ID: SV-7360r2_rule

Vulnerability ID: V-6956

Group Title: ZVTM0018

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000213

Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
CCI-001499

Limit privileges to change software resident within software libraries.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3

Access Enforcement
CM-5(6)

Limit Library Privileges