There are LOGONIDs defined to ACF2 that do not have the required fields completed.

From z/OS ACF2 STIG

Part of ACF0560

Associated with IA controls: DCCS-1, DCCS-2

SV-158r2_rule There are LOGONIDs defined to ACF2 that do not have the required fields completed.

Vulnerability discussion

Within the LOGONID record, the users name and UID-string fields must be completed to ensure individual user accountability.

Check content

Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(LOGONIDS) Automated Analysis Refer to the following report produced by the ACF2 Data Collection Checklist: - PDI(ACF0560) Verify that the below listed fields are complete for all logonids. If the following guidance is true, this is not a finding. NAME User's name UID-String All fields defined in the ACFFDR @UID macro NOTE: A completed NAME field that can either be traced back to a current DD2875 or a Vendor Requirement (example: A Started Task). NOTE: A user may be required to have more than one logonid but users must not share userids.

Fix text

The IAO will ensure that all LOGONID records have the required attributes. Review all LOGONID definitions to ensure required information is provided. Every user will be identified to ACF2 via a unique userid. (ACF2 calls this a logonid.) To ACF2, a user is an individual, a started task, or a batch job. Every user will be fully identified within ACF2. Complete the following fields for every logonid: NAME - User's name UID-String - All fields defined in the ACFFDR @UID macro All fields that comprise the standard UID string will be filled out for each user as a logonid is added. Example: SET LID INSERT logoind UID(uid string) NAME(user name)

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer