DFSMS-related RACF classes are not active.

From z/OS RACF STIG

Part of ZSMSR008

Associated with IA controls: DCCS-1, ECCD-2, DCCS-2, ECCD-1

Associated with: CCI-000213

SV-7244r2_rule DFSMS-related RACF classes are not active.

Vulnerability discussion

DFSMS provides data, storage, program, and device management functions for the operating system. Some DFSMS storage administration functions allow a user to obtain a privileged status and effectively bypass all ACP data set and volume controls. Failure to properly protect DFSMS resources may result in unauthorized access. This exposure could compromise the availability and integrity of the operating system environment, system services, and customer data.

Check content

CLASSACT Resources

a) Refer to the following report produced by the RACF Data Collection:
   - RACFCMDS.RPT(SETROPTS)
b) ACTIVE CLASSES lists the MGMTCLAS, STORCLAS, PROGRAM, and FACILITY resource classes.
c) RACLIST CLASSES lists the MGMTCLAS and STORCLAS resource classes.
d) If (b) and (c) are true, there is NO FINDING.
e) If (b) or (c) is not true, this is a FINDING.
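The check in steps (a) through (e), automated as an added example; it is not part of the STIG or of the RACF Data Collection tooling. It assumes the report uses the `HEADER = values` layout of SETROPTS LIST output with indented continuation lines, and the sample report below is constructed.

```python
REQUIRED_ACTIVE = {"MGMTCLAS", "STORCLAS", "PROGRAM", "FACILITY"}
REQUIRED_RACLIST = {"MGMTCLAS", "STORCLAS"}

# Constructed sample; real reports list many more classes and sections.
SAMPLE = """\
ATTRIBUTES = INITSTATS WHEN(PROGRAM -- BASIC)
ACTIVE CLASSES = DATASET USER GROUP FACILITY MGMTCLAS
                 PROGRAM STORCLAS TSOPROC
GENERIC PROFILE CLASSES = DATASET FACILITY
SETR RACLIST CLASSES = FACILITY MGMTCLAS STORCLAS
GLOBAL=YES RACLIST ONLY = NONE
"""

def parse_setropts(report):
    """Map each 'HEADER = values' section to the set of tokens it lists."""
    sections, current = {}, None
    for line in report.splitlines():
        if " = " in line and not line[:1].isspace():
            header, values = line.split(" = ", 1)
            current = header.strip()
            sections[current] = set(values.split())
        elif current and line[:1].isspace() and line.strip():
            # Indented line: continuation of the previous section's list.
            sections[current].update(line.split())
        else:
            current = None
    return sections

def evaluate(report):
    """Apply steps (b)-(e): a finding if any required class is missing."""
    sections = parse_setropts(report)
    active = sections.get("ACTIVE CLASSES", set())
    raclist = set()
    for header, classes in sections.items():
        # Matches "RACLIST CLASSES" and "SETR RACLIST CLASSES",
        # but not "GLOBAL=YES RACLIST ONLY".
        if header.endswith("RACLIST CLASSES"):
            raclist |= classes
    missing_active = sorted(REQUIRED_ACTIVE - active)
    missing_raclist = sorted(REQUIRED_RACLIST - raclist)
    return {
        "finding": bool(missing_active or missing_raclist),
        "missing_active": missing_active,
        "missing_raclist": missing_raclist,
    }

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

Matching on the section header rather than searching the whole report keeps a mention such as `WHEN(PROGRAM -- BASIC)` in the ATTRIBUTES line from being mistaken for an active PROGRAM class.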

Fix text

CLASSACT Resources

ACTIVE CLASSES lists the MGMTCLAS, STORCLAS, PROGRAM, and FACILITY resource classes. The classes can be activated with the command:

    SETR CLASSACT(MGMTCLAS STORCLAS PROGRAM FACILITY)

RACLIST CLASSES lists the MGMTCLAS and STORCLAS resource classes. The classes can be RACLISTed with the command:

    SETR RACL(MGMTCLAS STORCLAS)
