The IBM z/OS IEASYMUP resource must be protected in accordance with proper security requirements.

An XCCDF Rule

Description

<VulnDiscussion>Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-223691r958726_rule
Severity: Medium
References: CCI-002235
Updated: 17 days ago

Ensure that the System level symbolic resources are defined to the FACILITY resource class and protected. UPDATE access to the System level symbolic resources are limited to System Programmers, DASD Administrators, and/or Tape Library personnel. All access is logged. Ensure the guidelines for the resources and/or generic equivalent are followed.

Limit access to the IEASYMUP resources to above personnel with UPDATE and/or greater access.

The following commands are provided as a sample for implementing resource controls:
rdef facility ieasymup.* uacc(none) owner(admin) -
audit(all(read)) -
data('protected per acp00350')
rdef facility ieasymup.symbolname uacc(none) owner(admin) -
audit(all(read)) -
data('protected per acp00350')

pe ieasymup.symbolname cl(facility) id(<dasdsmpl) acc(u)
pe ieasymup.symbolname cl(facility) id(<syspsmpl) acc(u)
pe ieasymup.symbolname cl(facility) id(<tapesmpl) acc(u)

The IBM z/OS IEASYMUP resource must be protected in accordance with proper security requirements.

Description

Remediation - Manual Procedure