ACP database is not backed up on a scheduled basis.

From z/OS RACF STIG

Part of AAMV0420

Associated with IA controls: DCCS-1, DCCS-2, CODB-2

Associated with: CCI-000537

SV-105r2_rule ACP database is not backed up on a scheduled basis.

Vulnerability discussion

Loss of the ACP database would cause an interruption in the service of the operating system environment. If regularly scheduled backups of this database are not processed, system recovery time could be unacceptably long.

Check content

a) Check with the IAO and verfiy that procedures exist to backup the security data base and files. Have the IAO identify the dataset names and frequency of the backups. Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(AAMV0420) For ACF2 sites only, refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ACFBKUP) For TOP SECRET sites only, refer to the following report produced by the TOP SECRET Data Collection: - TSSCMDS.RPT(STATUS) Note: RACF creates an alternate data set and does not have any setting to specify that a backup is created b) If, based on the information provided, it can be determined that the ACP database is being backed up on a regularly scheduled basis, there is NO FINDING. c) If it cannot be determined that the ACP database is being backed up on a regularly scheduled basis, this is a FINDING.

Fix text

The IAO will ensure that procedures are in place to backup all ACP files needed for recovery on a scheduled basis. Identify the ACP database and ensure that documented processes are in place to back up its contents on a regularly scheduled basis. At a minimum, nightly backup of the ACP databases, and of other critical security files (such as the ACP parameter file). More frequent backups (two or three times daily) will reduce the time necessary to affect recovery. The IAO will verify that the backup job(s) run successfully.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer