From z/OS ACF2 STIG
Part of ZTSOA040
Associated with IA controls: DCCS-1, ECCD-2, DCCS-2, ECCD-1
Users with this privilege can mount tape and DASD. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or customer data.
a) Refer to the following report produced by the ACF2 Data Collection:
   - ACF2CMDS.RPT(ATTTSO)
b) Review the ATTTSO report, ensuring the following items are in effect:
   1) The ACCTPRIV privilege is restricted to security personnel.
   2) The CONSOLE and OPERATOR privileges are restricted to authorized systems personnel (e.g., systems programming personnel, operations staff, etc.).
   3) The MOUNT privilege is not granted to on-line TSO users.
c) If all of the above are true, there is NO FINDING.
d) If any of the above is untrue, this is a FINDING.
The IAO will ensure Logonids with the ACCTPRIV attribute are reserved only for use by the IAO/IAM.
The IAO will ensure that special privilege MOUNT is assigned only on an as-needed basis for LOGONIDS associated with STCs and LOGONIDS that need to execute TSO in batch.
The IAO will ensure that access to the special privilege OPERATOR is kept to a minimum and is controlled and documented.
Ensure the following items are in effect:
   1) The ACCTPRIV privilege is restricted to security personnel.
   2) The CONSOLE and OPERATOR privileges are restricted to authorized systems personnel (e.g., systems programming personnel, operations staff, etc.).
   3) The MOUNT privilege is not granted to on-line TSO users.
Use the LIST command to review the LOGONID privileges.
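The three review items above can be applied mechanically once each logonid has been classified. The following is an added example, not part of the STIG or of ACF2: the CSV inventory is a constructed, simplified layout (not the ATTTSO report format), and the category labels (security, sysprog, operations, stc, batch, tso_user) are assumptions assigned by the reviewer. MOUNT is limited to the stc and batch categories, following the fix text.

```python
import csv
import io

# Privilege -> logonid categories allowed to hold it, per the check above.
# Category labels are reviewer-supplied assumptions, not ACF2 fields.
ALLOWED = {
    "ACCTPRIV": {"security"},
    "CONSOLE": {"sysprog", "operations"},
    "OPERATOR": {"sysprog", "operations"},
    "MOUNT": {"stc", "batch"},
}

# Constructed sample inventory: logonid, assigned category, privileges held.
SAMPLE = """logonid,category,privileges
SECADM1,security,ACCTPRIV
SYSPRG1,sysprog,CONSOLE OPERATOR
OPER01,operations,OPERATOR
TAPESTC,stc,MOUNT
BATCH01,batch,MOUNT
USER001,tso_user,MOUNT
USER002,tso_user,ACCTPRIV OPERATOR
USER003,tso_user,
"""

def review(inventory_text):
    """Return a sorted list of (logonid, privilege, category) violations."""
    violations = []
    for row in csv.DictReader(io.StringIO(inventory_text)):
        category = row["category"].strip().lower()
        for priv in row["privileges"].upper().split():
            allowed = ALLOWED.get(priv)  # privileges outside the check are ignored
            if allowed is not None and category not in allowed:
                violations.append((row["logonid"].strip(), priv, category))
    return sorted(violations)

def verdict(inventory_text):
    """Steps c) and d): any violation makes the check a FINDING."""
    return "FINDING" if review(inventory_text) else "NO FINDING"

if __name__ == "__main__":
    for logonid, priv, category in review(SAMPLE):
        print(f"{logonid}: {priv} held by category '{category}'")
    print(verdict(SAMPLE))
```

Each flagged logonid still needs manual confirmation against the documented justification, since the category column is only as accurate as the reviewer's classification.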