From z/OS RACF STIG
Part of ACP00210
Associated with IA controls: DCCS-1, DCCS-2, ECCD-1, CODB-1
Associated with: CCI-000213
System backup data sets are necessary for recovery of DASD resident data sets. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.
a) Refer to the following report produced by the Data Set and Resource Data Collection: - SENSITVE.RPT(BKUPRPT) Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(ACP00210) Collect from the storage management group the identification of the DASD backup files and all associated storage management userids/LIDs/ACIDs. ___ The ACP data set rules for system DASD backup files allow inappropriate access. ___ The ACP data set rules for system DASD backup files do not restrict UPDATE and ALLOCATE access to z/OS systems programming and/or batch jobs that perform DASD backups. b) If both of the above are untrue, there is NO FINDING. c) If either of the above is true, or if these data sets cannot be identified due to a lack of requested information, this is a FINDING.
Obtain the high level indexes to backup datasets names and verify that their access is restricted by the System's ACP to System Programmers and batch jobs that perform the backups. If any other userids are specified, make sure that the IAO has documented justification for the access.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer