zSecure must prevent nonprivileged users from executing privileged zSecure functions.

An XCCDF Rule

Description

<VulnDiscussion>Preventing nonprivileged users from executing privileged zSecure functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. Privileged functions include, for example, running COLLECT jobs, generating audit reports, and adjusting RACF security settings. Nonprivileged users are individuals who do not possess appropriate authorizations. Circumventing intrusion detection and prevention mechanisms or malicious code protection mechanisms are examples of privileged functions that require protection from nonprivileged users.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-259733r943233_rule
Severity: Medium
References: CCI-002235
Updated: 19 days ago

Ensure that the following high-level qualifier profiles are defined in the configured zSecure class, by default XFACILIT, with UACC (NONE) and not in WARNING mode: 
CKF.**
CKN*.** 
CKG.**
CKR.**
C2R.** (if you use zSecure Visual)C2X.**

A minimum of all failed access must be logged. 

rdef xfacilit CKF.** uacc(none) owner(zSecure owner)
rdef xfacilit CKN*.** uacc(none) owner(zSecure owner)
rdef xfacilit CKG.** uacc(none) owner(zSecure owner)

zSecure must prevent nonprivileged users from executing privileged zSecure functions.

Description

Remediation - Manual Procedure