ACF2/CICS parameter data sets are not protected in accordance with the proper security requirements.

An XCCDF Rule

Description

<VulnDiscussion>CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to ACF2/CICS parameter data sets (i.e., product, security) could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-224308r520246_rule
Severity: Medium
References: CCI-001499
Updated: 17 days ago

The IAO will ensure that update and allocate access to the ACF2/CICS parameter data set is limited to system programmers and security personnel.

Review the access authorizations for CICS system data sets.

UPDATE and/or ALLOCATE access to the ACF2/CICS parameter data set, specified on the ACF2PARM DD statement, is restricted to systems programming personnel and security personnel.
Example:

$KEY(S3C)    
$PREFIX(SYS3)
CICSTS.SYSIN    UID(syspaudt) R(A)  W(L) A(L)  E(A)
CICSTS.SYSIN    UID(secaaudt) R(A)  W(L) A(L)  E(A)
CICSTS.SYSIN    UID(*) PREVENT

SET RULE
COMPILE 'ACF2.MVA.DSNRULES(S3C)' STORE

ACF2/CICS parameter data sets are not protected in accordance with the proper security requirements.

Description

Remediation - Manual Procedure