IBM RACF use of the RACF SPECIAL Attribute must be justified.

An XCCDF Rule

Description

<VulnDiscussion>The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or non-secure.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-223713r991589_rule
Severity: Medium
References: CCI-000366
Updated: 17 days ago

Review all USERIDs with the SPECIAL attribute. Ensure documentation providing justification for access is maintained and filed with the ISSO, and that unjustified access is removed.

For the SYSTEM SPECIAL attribute:

A sample command for removing the SPECIAL attribute is shown here: ALU <userid> NOSPECIAL.
For the GROUP SPECIAL attribute:

CO <user> GROUP(<groupname>) NOSPECIAL

IBM RACF use of the RACF SPECIAL Attribute must be justified.

Description

Remediation - Manual Procedure