Check: TSS0900
zOS TSS STIG:
TSS0900
(in versions v6 r43 through v6 r30)
Title
ACIDs defined as security administrators do not have the attribute of NOATS. (Cat II impact)
Discussion
NOATS prevents the TSS administrator ACID from signing on through automatic terminal signon. If an ACID has ATS enabled, a terminal could be automatically assigned that ACID without a user being present. This applies to CICS, IMS, and IDMS.
Check Content
Refer to the following reports produced by the TSS Data Collection: - TSSCMDS.RPT(@ALL) - TSSPRIV.RPT Automated Analysis Refer to the following report produced by the TSS Data Collection: - PDI(TSS0900) Review all security administrators to ensure that each one has the NOATS attribute.
Fix Text
Review all security administrator ACIDs. Ensure the NOATS attribute has been assigned. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes. NOTE: The NOATS attribute may be added to an ACID or an ACID's PROFILE. The following command may be issued to determine if the NOATS attribute is defined to an ACID or an ACID's PROFILE: tss list(<acid>) data(basic,profile)
Additional Identifiers
Rule ID: SV-238r2_rule
Vulnerability ID: V-238
Group Title: TSS0900
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000035 |
Provide the capability for privileged administrators to configure the organization-defined security or privacy policy filters to support different security or privacy policies. |
Controls
| Number | Title |
|---|---|
| AC-4(11) |
Configuration of Security Policy Filters |