Skip to content

ROSCOE STC data sets are not properly protected.

An XCCDF Rule

Description

<VulnDiscussion>ROSCOE STC data sets provide the capability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to their data sets could result in violating the integrity of the base product which could result in compromising the operating system or sensitive data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-225599r520858_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

The IAO will ensure that update and allocate/create access to the ROSCOE started task or batch job data sets is limited to system programmers and the started task only and all update and allocate/create access is logged.

The IAO will ensure that all other accesses to the ROSCOE started task or batch job data sets are properly restricted and all required accesses are properly logged.

Data sets to be protected will be