From z/OS TSS STIG
Part of TSS0810
Associated with: CCI-000035
The BYPASS attribute permits STCs to bypass security checking. With this authority, a job or ACID could bypass all security checking, and could potentially alter or destroy critical system data.
Refer to the following report produced by the TSS Data Collection: - TSSCMDS.RPT(#STC) Automated Analysis requires Additional Analysis. Automated Analysis Refer to the following report produced by the TSS Data Collection: - PDI(TSS0810) Ensure that only STCs listed in the TRUSTED STARTED TASKS table, in the z/OS STIG addendum, are granted the BYPASS privilege. TRUSTED STCs: Certain started tasks perform critical operating system-related functions. The site can secure these started tasks in one of two ways: 1) By analyzing an STC's access requirements and granting the requisite accesses. 2) By considering these started tasks as trusted for the purpose of data set and resource access requests. While the actual list may vary based on local site requirements and software configuration, the TRUSTED STARTED TASKS table, in the z/OS STIG addendum, is an approved list of started tasks that may be considered trusted started procedures and can have the BYPASS attribute specified in the start task table. The site may exclude any STCs from the list of trusted started tasks based on local requirements. However, the addition of other started tasks to the list requires the approval of the site DAA.
Review the STC record for ACIDs with the BYPASS attribute. Ensure only those trusted STCs that are listed in the TRUSTED STARTED TASKS table, in the z/OS STIG addendum, have been granted this authority. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes. Trusted STCs: While the actual list may vary based on local site requirements and software configuration, the TRUSTED STARTED TASKS table, in the z/OS STIG addendum, is an approved list of started tasks that may be considered trusted started procedures:
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer