IBM zSecure Suite Security Technical Implementation Guide
SRG-APP-000342-MFP-000090
An XCCDF Group - A logical subset of the XCCDF Benchmark
1 Rule
The zSecure programs CKFCOLL and CKGRACF, and the APF-authorized version of program CKRCARLA, must be restricted to security administrators, security batch jobs performing External Security Manager (ESM) maintenance, auditors, and systems programmers, and audited.
Medium Severity
Users authorized to use the zSecure program CKFCOLL can collect z/OS system information that is not accessible to regular users. Users authorized to use the zSecure program CKGRACF can change certain permitted RACF profile definitions that otherwise would not be allowed. Users authorized to use the zSecure program CKRCARLX can fake SMF records. Allowing inappropriate users to use the CKFCOLL, CKGRACF, and CKRCARLX programs could result in disclosure of z/OS installation and configuration information or inappropriate RACF profile or SMF record changes.
Satisfies: SRG-APP-000342-MFP-000090, SRG-APP-000343-MFP-000091
Documentable: false