ROSCOE STC data sets are not properly protected.
An XCCDF Rule
Description
<VulnDiscussion>ROSCOE STC data sets provide the capability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to their data sets could result in violating the integrity of the base product which could result in compromising the operating system or sensitive data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-225599r958616_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
The IAO will ensure that update and allocate/create access to the ROSCOE started task or batch job data sets is limited to system programmers and the started task only and all update and allocate/create access is logged.
The IAO will ensure that all other accesses to the ROSCOE started task or batch job data sets are properly restricted and all required accesses are properly logged.
Data sets to be protected will be