User ACIDs and Control ACIDs do not have the NAME field completed.

From z/OS TSS STIG

Part of TSS0740

Associated with IA controls: DCCS-1, DCCS-2

Associated with: CCI-000764 CCI-000804

SV-224r2_rule User ACIDs and Control ACIDs do not have the NAME field completed.

Vulnerability discussion

Every User ACID should be assigned to an individual using the name field. Within the ACID record, the users NAME field should be completed. If this field is not completed for each user, user accountability will become lost.A completed NAME field must be either traced back to a current DD2875 or a Vendor Requirement (example: A Started Task). A user may be required to have more than one logonid but users must not share userids.

Check content

a) Refer to the following reports produced by the TSS Data Collection: - TSSCMDS.RPT(@ACIDS) - TSSCMDS.RPT(@ALL) Automated Analysis Refer to the following report produced by the TSS Data Collection: - PDI(TSS0740) Note: An interactive user may have more than one ACID as long as it has a matching DD2875 form. Users may not share any type of ACID. b) If all ACIDs have the NAME field completed, there is NO FINDING. c) If any ACID does not have the NAME field completed, this is a FINDING.

Fix text

The IAO will review all ACID definitions and ensure the NAME field is completed. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement. NOTE: An interactive user may have more than one ACID as long as it has a matching DD2875 form. Users may not share any type of ACID.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer