From z/OS RACF STIG
Part of AAMV0030
Associated with IA controls: DCCS-1, DCCS-2, DCSL-1
Associated with: CCI-000381 CCI-001762 CCI-002283
Failure to specify LINKAUTH=APFTAB allows libraries other than those designated as APF to contain authorized modules which could bypass security and violate the integrity of the operating system environment. This expanded authorization list inhibits the ability to control inclusion of these modules.
a) Refer to the following report produced by the z/OS Data Collection: - EXAM.RPT(PARMLIB) - Refer to the IEASYSxx listing(s). Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(AAMV0030) b) If the LNKAUTH=APFTAB parameter is specified in the IEASYSxx member, there is NO FINDING. c) If the LNKAUTH=APFTAB parameter is not specified, this is a FINDING.
The systems programmer will ensure that LNKAUTH=APFTAB is specified in the IEASYSxx member(s) in the currently active parmlib data set(s). Review all installed software for authorization requirements. Identify and include only libraries with this requirement in the APF designation. Change LINKAUTH=LNKLST to LINKAUTH=APFTAB in all IEASYSxx members. Control over APF authorization is specified within the operating system. The data set SYS1.PARMLIB members IEAAPFxx and PROGxx are used to specify the library names and the volumes on which they reside. (The xx is the suffix designated by the APF and PROG parameters in the IEASYSxx member of SYS1.PARMLIB or overridden by the computer operator at system initial program load [IPL]). NOTE: An entire library is listed as authorized, and not the individual modules themselves. Use the following recommendations and techniques to control the exposures created by the APF facility: (1) In SYS1.PARMLIB(IEASYSxx), use the parameter LNKAUTH=APFTAB so that all APF libraries are specified in the IEAAPFxx and PROGxx members of parmlib.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer