From z/OS ACF2 STIG
Part of ZTSOA040
Associated with IA controls: DCCS-1, ECCD-2, DCCS-2, ECCD-1
Associated with: CCI-000213
Users with this privilege can mount tape and DASD. This could result in the compromise of the confidentiality, integrity, availability of the operating system, ACP, or customer data.
Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ATTTSO) Ensure that all ACF2 privileges are restricted according to the requirements specified. If the following guidance is true, this is not a finding. ___ The ACCTPRIV privilege is restricted to security personnel. ___ The CONSOLE and OPERATOR privileges are restricted to authorized systems personnel (e.g., systems programming personnel, operations staff, etc.). ___ The MOUNT privilege is restricted to DASD batch users only.
The IAO will review all Logonids for the following and ensure that only authorized users with justification are given access to the privileges. The ACCTPRIV privilege is restricted for used to the domain level security personnel (IAO/IAM). The CONSOLE and OPERATOR privileges are restricted to authorized systems personnel (e.g., systems programming personnel, operations staff, etc.). The MOUNT privilege is restricted to DASD batch users only on an as needed basis to execute TSO in batch. Ensure that all privileges are kept to a minimum and are controlled and documented.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer