Access to IBM Security zSecure STC data sets must be properly restricted and logged.
An XCCDF Rule
Description
<VulnDiscussion>IBM Security zSecure STC have the ability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to these zSecure STC data sets could result in violating the integrity of the base product, which could compromise the operating system or sensitive data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-259729r943250_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Ensure that READ and higher access to zSecure STC data sets is restricted to authorized users, and all failures and successful UPDATE and higher access is logged.
Appropriate access can be permitted to auditors, decentralized security administrators, security administrators, automated operation STCs/batch jobs, batch jobs performing ESM maintenance, trusted STC users and systems programmers.
The following commands are provided as a sample for implementing zSecure STC data set controls:
ad 'hlq.zsec.alert.ckfreeze' uacc(none) owner(zSecure owner) -