NCP (Net Work Control Program) Data set access authorization does not restricts UPDATE and/or ALLOCATE access to appropriate personnel.

From z/OS ACF2 STIG

Part of ZFEP0015

Associated with IA controls: DCCS-1, DCCS-2

SV-7199r1_rule NCP (Net Work Control Program) Data set access authorization does not restricts UPDATE and/or ALLOCATE access to appropriate personnel.

Vulnerability discussion

If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator console, and the diskette drive of the service subsystem. Therefore, they can interfere with the normal operations of the FEPs. Improper control of FEP components could compromise network operations.

Check content

a) Refer to the following report produced by the Data Set and Resource Data Collection: - SENSITVE.RPT(NCPRPT) ___ The ACP data set rules for NCP data sets allow inappropriate access. ___ The ACP data set rules for NCP data sets does not restrict UPDATE and/or ALL access to authorized personnel (e.g., systems programming personnel). b) If both of the above are untrue, there is NO FINDING. c) If either of the above is true, this is a FINDING.

Fix text

Identify Names of the following data sets used for installation and in development/production environments: - NCP system data sets - NCP source definition data sets - NCP load modules - NCP host dump data sets - NCP utility programs Have the IAO validate that they are properly protected by the ACP. And that only authorized personnel are permitted UPDATE and/or ALLOCATE access (e.g., z/OS systems programming personnel).

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer