From z/OS ACF2 STIG
Part of AAMV0040
Associated with IA controls: DCCS-1, DCCS-2, DCSL-1
If a library designated by an APF entry does not exist on the volume specified, a library of the same name may be placed on this volume and inherit APF authorization. This could allow the introduction of modules which bypass security and violate the integrity of the operating system environment.
PDI Screen Sort Order: AAMV0040 Default Severity: Category III a) Refer to the following reports produced by the z/OS Data Collection: - PARMLIB.ACCESS(IEAAPFxx) - PARMLIB.ACCESS(PROGxx) NOTE: The IEAAPFxx and PROGxx reports are only produced if inaccessible libraries exist. The report names represent the actual SYS1.PARMLIB members where inaccessible libraries are found. If these reports do not exist, there is NO FINDING. Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(AAMV0040) b) If no inaccessible APF libraries exist, there is NO FINDING. c) If inaccessible APF libraries do exist, this is a FINDING.
The systems programmer will ensure that only existing libraries are specified in the APF list of libraries. Review the entire list of APF authorized libraries and remove those which are no longer valid designations. (2) The IEAAPFxx members will contain only required libraries. On a semi annual basis, Software Support should review the volume serial numbers, and should verify them in accordance with the system catalog. Software Support will remove all non existent libraries. The IAO should modify and/or delete the rules associated with these libraries.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer