Update and allocate access to SMF collection files (i.e., SYS1.MANx) are not limited to system programmers and/or batch jobs that perform SMF dump processing.

From z/OS ACF2 STIG

Part of ACP00180

Associated with IA controls: DCCS-1, ECCD-2, DCCS-2, ECAR-3, ECAR-2, ECCD-1, ECAR-1

SV-123r1_rule Update and allocate access to SMF collection files (i.e., SYS1.MANx) are not limited to system programmers and/or batch jobs that perform SMF dump processing.

Vulnerability discussion

SMF data collection is the system activity journaling facility of the z/OS system. With the proper parameter designations it serves as the basis to ensure individual user accountability. SMF data is the primary source for cost charge back in DISA. Unauthorized access could result in the compromise of logging and recording of the operating system environment, ACP, and customer data.

Check content

a) Refer to the following report produced by the Data Set and Resource Data Collection: - SENSITVE.RPT(SMFXRPT) Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(ACP00180) ___ The ACP data set rules for the SMF data collection files (e.g., SYS1.MAN*) allow inappropriate access. ___ The ACP data set rules for the SMF data collection files (e.g., SYS1.MAN*) do not restrict ALTER access to only z/OS systems programming personnel. ___ The ACP data set rules for the SMF data collection files (e.g., SYS1.MAN*) do not restrict UPDATE access to z/OS systems programming personnel, and/or batch jobs that perform SMF dump processing. ___ The ACP data set rules for SMF data collection files (e.g., SYS1.MAN*) do not specify that all (i.e., failures and successes) UPDATE and/or ALTER access will be logged. b) If all of the above are untrue, there is NO FINDING. c) If any of the above is true, this is a FINDING.

Fix text

Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes as required to protect modification or deletion of SMF collection files. The IAO will ensure that allocate/alter authority to SMF collection files is limited to only systems programming staff and and/or batch jobs that perform SMF dump processing and ensure the accesses are being logged.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer