From z/OS ACF2 STIG
Part of ACP00150
Associated with IA controls: DCCS-1, DCCS-2, DCSL-1
Associated with: CCI-000213 CCI-001499 CCI-002234
The JES2 System data sets are a common repository for all jobs submitted to the system and the associated printout and configuration of the JES2 environment. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.
a) Refer to the following report produced by the Data Set and Resource Data Collection: - SENSITVE.RPT(JES2RPT) Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(ACP00150) ___ The ACP data set rules for the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) allow inappropriate access. ___ The ACP data set rules for the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) do not restrict UPDATE and/or ALTER access to only z/OS systems programming personnel. b) If both of the above are untrue, there is NO FINDING. c) If either of the above is true, this is a FINDING.
Limit read and write access to the JES2 started task. Limit allocate/alter access to the systems programming staff. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes as required to protect JES2 System datasets (spool, checkpoint, and parmlib datasets) The IAO will ensure that update and allocate access to JES2 System datasets (spool, checkpoint, and parmlib datasets) are limited to system programmers only. For example all SYS1.HASP* data sets.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer