System programs (e.g., exits, SVCs, etc.) are in use without DAA approval and/or are not documented correctly.

From z/OS ACF2 STIG

Part of AAMV0450

Associated with IA controls: DCCS-1, DCCS-2, DCAS-1, DCPD-1

SV-34r1_rule System programs (e.g., exits, SVCs, etc.) are in use without DAA approval and/or are not documented correctly.

Vulnerability discussion

Many vendor products and applications require or provide operating system exits, SVCs, I/O appendages, special PPT privileges, and APF authorization. Without proper review and adequate documentation of these system programs, the integrity and availability of the operating system, ACP, and customer data are subject to compromise.

Check content

a) Refer to the following reports produced by the z/OS Data Collection:
- EXAM.RPT(APFXRPT)
- EXAM.RPT(APFTSO)
- EXAM.RPT(IOAPPEND)
- EXAM.RPT(MVSXRPT)
- EXAM.RPT(PPTXRPT)
- EXAM.RPT(SVCIBM)
- EXAM.RPT(SVCUSER)
- EXAM.RPT(SVCESR)

b) Ensure the following items are in effect:
1) The acquisition of any new IA and IA-enabled Commercial-Off-the-Shelf (COTS) products meets the applicable Common Criteria, NIAP, or FIPS evaluation and validation requirements specified in NSTISSP No. 11 and DODI 8500.2, or receives DAA approval.
2) All locally developed extensions to the operating system environment (i.e., operating system exits, SVCs, I/O appendages, and modules requiring special PPT privileges or APF authorization) have been reviewed by the site's system programmer and approved by the site DAA.

c) If both items in (b) are true for all system programs, there is NO FINDING.

d) If any item in (b) is untrue for a system program, this is a FINDING.

Fix text

The IAO will ensure any new system software that performs any of the following actions:
- Runs authorized or with special privileges so it can use z/OS facilities restricted to authorized programs.
- Requires the use of a new Supervisor Call routine (SVC), Program Call routine (PC), installation exit routine, or I/O appendage routine.
- Modifies MVS in any way.
- Requires the use of the Authorized Program Facility (APF).
- Requires that the name of the program be placed in the MVS Program Properties Table (PPT).
- Runs in Supervisor State.
- Runs with a program status word (PSW) protection key between 0 through 7.
- Runs with a userid that has special security privileges within the ACP.

has been approved by Common Criteria, NIAP, or FIPS evaluation and validation requirements specified in NSTISSP No. 11 and DODI 8500.2, or receives DAA approval.
