From z/OS TSS STIG
Part of TSS0950
Associated with IA controls: DCCS-1, DCCS-2
The MISC9 authority deals with higher level administrative authorities. One of the authorities is BYPASS, which can bypass security on the system. This violates the principle of individual user accountability. If this authority is not monitored, the potential for system degradation or destruction could happen. Only the appointed SCA's who are responsible for the security at the domain shall have MISC9 admin rights except MISC9(Generic) may be granted to any DCA,VCA,ZCA,LSCA,SCA.
a) Refer to the following report produced by the TSS Data Collection: - TSSCMDS.RPT(@ADMIN) b) Review ACIDs having MISC9(ALL) or MISC9(CONSOLE) authority under administrative authorities. Only designated SCA's who are responsible for the security for the domain will be allowed this authority. c) If (b) above is in compliance, there is NO FINDING. d) If (b) above is not in compliance, this is a FINDING.
Review all ACIDs with the MISC9 attribute. Evaluate the impact of removing MISC9(ALL) or MISC9(CONSOLE) access from ACIDs not required to assign the CONSOLE attribute. It is suggested that MISC9(CONSOLE) assignment privileges be limited to the MSCA. Develop a plan of action and implement the changes.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer