There are no procedures to utilize the LOGONID with the REFRESH attribute.

From z/OS ACF2 STIG

Part of ACF0730

Associated with IA controls: DCCS-1, DCCS-2

Associated with: CCI-000225 CCI-002393

SV-170r2_rule There are no procedures to utilize the LOGONID with the REFRESH attribute.

Vulnerability discussion

Individuals could effect unauthorized or inadvertent changes to ACP global system options. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or customer data.

Check content

a) Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ATTREFSH) b) If procedures exist in accordance with the STIG requirements to utilize the logonid with the REFRESH attribute to refresh ACF2 global options, there is NO FINDING. Example: When the IAO determines it necessary to refresh the ACF2 global options, the IAO will do the following: 1) Activate the REFRESH ID with the following setting(s): NOSUSPEND NOPSWD EXP PASSWORD(new password) 2) Instruct Operations to perform the REFRESH. 3) Deactivate the REFRESH ID with the following setting: SUSPEND c) If no procedures exist in accordance with the STIG requirements to utilize the logonid with the REFRESH attribute to refresh ACF2 global options, this is a FINDING.

Fix text

The IAO will ensure procedures and documentation as defined below only exists for the use of Logonids with the refresh attribute. Review security procedures for defining LOGONIDs and ensure documentation includes requirements for the LOGONID associated with the REFRESH attribute. Example: When the IAO determines it necessary to refresh the ACF2 global options, the IAO will do the following: 1) Activate the REFRESH ID with the following setting(s): NOSUSPEND NOPSWD EXP PASSWORD(new password) 2) Instruct Operations to perform the REFRESH. 3) Deactivate the REFRESH ID with the following setting: SUSPEND

Pro Tips

Powered by sagemincer