WebSphere MQ all update and alter access to MQSeries/WebSphere MQ product and system data sets are not properly restricted.
An XCCDF Rule
Description
<VulnDiscussion>MVS data sets provide the configuration, operational, and executable properties of WebSphere MQ. Some data sets are responsible for the security implementation of WebSphere MQ. Failure to properly protect these data sets may lead to unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-224556r868590_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
The systems programmer will have the ISSO ensure that all update and alter access to MQSeries/WebSphere MQ product and system data sets are restricted to WebSphere MQ administrators, systems programmers, and MQSeries/WebSphere MQ started tasks.
The installation requires that the following data sets be APF authorized.
hlqual.SCSQAUTH
hlqual.SCSQLINK