Navigate

Check: ZUSST060

zOS TSS STIG: ZUSST060 (in versions v6 r43 through v6 r30)

Title

The HFSSEC resource class is not defined with DEFPROT. (Cat I impact)

Discussion

The HFSSEC resource class configuration settings in the ACP impact the security level of z/OS UNIX.

Check Content

a) Refer to the following report produced by the TSS Data Collection: - TSSCMDS.RPT(STATUS) - TSSCMDS.RPT(#RDT) Automated Analysis Refer to the following report produced by the TSS Data Collection: - PDI(ZUSST060) b) If the Control Option is HFSSEC(OFF), this is NOT APPLICABLE. c) If the DEFPROT attribute is specified for the HFSSEC resource class in the RDT, there is NO FINDING. d) If (c) above is untrue, this is a FINDING.

Fix Text

Ensure that the HFSSEC resource class has the attribute DEFPROT. For Example: TSS REPLACE(RDT) RESCLASS(HFSSEC) ATTR(DEFPROT)

Additional Identifiers

Rule ID: SV-7383r2_rule

Vulnerability ID: V-7021

Group Title: ZUSST060

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000213	Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-3	Access Enforcement