ROSCOE STC data sets are not properly protected.

An XCCDF Rule

Description

<VulnDiscussion>ROSCOE STC data sets provide the capability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to their data sets could result in violating the integrity of the base product which could result in compromising the operating system or sensitive data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-224337r958616_rule
Severity: Medium
References: CCI-001499
Updated: 16 days ago

The IAO will ensure that update and allocate access to the ROSCOE started task or batch job data sets is limited to system programmers and the started task only and all update and allocate access is logged.

The IAO will ensure that all other accesses  to the ROSCOE started task or batch job data sets are properly restricted and all required accesses are properly logged.

Data sets to be protected will be
SYS3.ROSCOE.SYS**
SYS3.ROSCOE.ROSLIB**

Example:

SET RULE
$KEY(SYS3)
ROSCOE.SYS- UID(syspudt) R(A) W(L) A(L) E(A) 
ROSCOE.SYS- UID(stc roscoe) R(A) W(L) A(L) E(A)
ROSCOE.ROSLIB- UID(syspudt) R(A) W(L) A(L) E(A) 
ROSCOE.ROSLIB- UID(stc roscoe) R(A) W(L) A(L) E(A)

ROSCOE STC data sets are not properly protected.

Description

Remediation - Manual Procedure