From z/OS TSS STIG
Part of ZIDM0032
Associated with IA controls: DCCS-1, ECCD-2, DCCS-2, ECCD-1
Improperly defined IDMS central versions (CVs) have the potential to bypass security controls and obtain unauthorized access to system resources. This could potentially compromise the confidentiality, integrity, and availability of the operating system, ACP, and customer data.
a) Refer to the following report produced by the TSS Data Collection: - TSSCMDS.RPT(WHOOPROP) Refer to the IDMS Worksheet in the z/OS STIG Addendum and copy it and fill out the information for each IDMS CV running on this LPAR. b) Ensure the following items are in effect: - ACIDs of IDMS CVs that runs as a started task, have the following: Are owned in the PROPCNTL resource class. - ACIDs of IDMS CVs that runs as a batch job, have the following: Are owned in the PROPCNTL resource class. c) If both items in (b) are true, there is NO FINDING. d) If either item in (b) is untrue, this is a FINDING.
Propagation control must be implemented for each region/CV to ensure that the CV's ACID is not propagated to batch jobs submitted by that region. This is accomplished by defining each IDMS CV ACID to the PROPCNTL resource class. The following command example shows an IDMS CV ACID being owned to the PROPCNTL resource class: TSS ADD(deptacid) PROPCNTL(idms-cv-acid)
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer