From z/OS RACF STIG
Part of ZIDM0032
Associated with IA controls: DCCS-1, ECCD-2, DCCS-2, ECCD-1
Improperly defined IDMS central versions (CVs) have the potential to bypass security controls and obtain unauthorized access to system resources. This could potentially compromise the confidentiality, integrity, and availability of the operating system, ACP, and customer data.
a) Refer to the following report produced by the RACF Data Collection: - RACFCMDS.RPT(PROPCNTL) Refer to the IDMS Worksheet in the z/OS STIG Adendum and copy it and fill out the information for each IDMS CV running on this LPAR. b) Ensure the following items are in effect: - Userids of IDMS CVs that run as a started tasks have a profile defined to the PROPCNTL resource class. - Userids of IDMS CVs that run as a batch jobs have a profile defined to the PROPCNTL resource class. c) If both items in (b) are true, there is NO FINDING. d) If either item in (b) is untrue, this is a FINDING.
Propagation control must be implemented for each region/CV to ensure that the CV's userid is not propagated to batch jobs submitted by that region. This is done by defining in the
PROPCNTL class profiles whose names match those of each region (CV) assigned userid. The following is an example of the steps necessary to ensure that propagation control is activated for the regions. Do the following for each region/CV userid:
• Define a profile to the PROPCNTL class:
RDEFINE PROPCNTL
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer