CA-ACF2 allocate access to system user catalogs must be properly protected.

An XCCDF Rule

Description

<VulnDiscussion>Access control policies include: identity-based policies, role-based policies, and attribute-based policies. Access enforcement mechanisms include: access control lists, access control matrices, and cryptography. These policies and mechanisms must be employed by the application to control access between users (or processes acting on behalf of users) and objects (e.g., devices, files, records, processes, programs, and domains) in the information system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-223435r958472_rule
Severity: Medium
References: CCI-000213 CCI-002235
Updated: 17 days ago

Review access authorization to critical system files. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes as required to protect USER CATALOGS.

Configure ACF2 rules for allocate access to USER CATALOGS, limited to system programmers only, and all allocate access is logged.

Configure ACF2 rules for the USER CATALOGS to allow any Products or procedures system programmer access for system-level maintenance that meets the following specific case:
- The batch job or procedure must be documented in the SITE Security Plan.- Reside in a data set that is restricted to systems programmers' access only.   

Note: If the USER CATALOGS contain SMS managed data sets READ access is sufficient to allow user operations. If the USER CATALOGS do not contain SMS managed datasets WRITE access is required for user operation.

CA-ACF2 allocate access to system user catalogs must be properly protected.

Description

Remediation - Manual Procedure