IBM Security zSecure access to user data sets must be properly restricted and logged.
An XCCDF Rule
Description
If zSecure were to allow inappropriate reading or updating of user data sets, sensitive information could be disclosed, or changes might result in incorrect results reported by the product. Only qualified and authorized individuals must be allowed to create, read, update, and delete zSecure user data sets.
- ID: SV-259730r943224_rule
- Severity: Medium
Remediation - Manual Procedure
The following commands are provided as a sample for implementing zSecure user data set controls:
ad 'hlq.zsec.user.assert/ckfreeze/unload.dsn' uacc(none) owner(zSecure owner) -
audit(success(update) failures(read))
pe 'hlq.zsec.user.assert/ckfreeze/unload.dsn' id(AUDTAUDT, AUTOAUDT, SECAAUDT, SECDAUDT, SECBAUDT, TSTCAUDT) access(READ)