CA-TSS Default ACID must be properly defined.

An XCCDF Rule

Description

<VulnDiscussion>Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-223966r958726_rule
Severity: Medium
References: CCI-002235
Updated: 17 days ago

Ensure the default STC ACID is defined in accordance with the following restrictions. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes as specified.

All STCs not defined to TSS will fail upon initiation. The following command may be used to associate all undefined STCs with a default action of FAIL:

TSS ADD(STC) PROCNAME(DEFAULT) ACID(FAIL)
If a valid requirement exists to establish a default STC, the following restrictions also apply:

a. The ISSO will maintain the written request, justification, and authorization.

b. The STC's ACID will have no other facilities permitted to it.

c. The STC's ACID will have a permission of DSN(*****) ACCESS(NONE).

TSS PERMIT(stc-acid) DSN(*****) ACCESS(NONE)

d. The STC's ACID will not have any permission to the resources available to TSS.

e. The STC's ACID will be sourced to the internal reader:

ADD(stc-acid) SOURCE(INTRDR)

f. An entry will be made in the STC table identifying the default ACID name as follows ("stc-acid" site defined):

TSS ADD(STC) PROCNAME(DEFAULT) ACID(stc-acid)

CA-TSS Default ACID must be properly defined.

Description

Remediation - Manual Procedure