From z/OS RACF STIG
Part of RACF0660
Associated with IA controls: DCCS-1, DCCS-2
Associated with: CCI-000213
Trusted Started tasks bypass RACF checking. It is vital that this attribute is NOT granted to unauthorized Started Tasks which could then obtain unauthorized access to the system. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or customer data.
a) Refer to the following report produced by the RACF Data Collection: - DSMON.RPT(RACSPT) Refer to a list of all started tasks (STCs) and associated userids with a brief description on the system. Automated Analysis Refer to the following report produced by the RACF Data Collection: - PDI(RACF0660) b) Ensure that only approved Started Tasks have the TRUSTED flag enabled. Started Tasks approved to run with the TRUSTED attribute are contained in the TRUSTED STARTED TASKS Table in the zOS STIG Addendum. c) Ensure that no Started Tasks have been granted the PRIVILEGED attribute. d) If all of the above are true, there is NO FINDING. e) If any of the above is untrue, this is a FINDING.
Review assignment of the TRUSTED attribute in ICHRIN03 and/or the STARTED resource class. If a started proc defined with the TRUSTED attribute exists that is not in the approved list of trusted started tasks as found in the TRUSTED STARTED TASKS Table in the zOS STIG Addendum then the TRUSTED attribute should be removed.
The TRUSTED attribute can be removed from a STARTED class profile using the command:
RALT STARTED
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer