Started tasks for IBM Security zSecure products must be properly defined.
An XCCDF Rule
Description
Started tasks and batch job IDs can be automatically revoked accidentally if not properly protected. When properly protected STCs prevent any attempts to log on with a password, it eliminates the possibility of revocation due to excessive invalid password attempts (denial of service).
- ID
- SV-259731r1051324_rule
- Version
- ZSEC-00-000100
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Ensure user IDs assigned to zSecure started tasks and scheduled batch jobs are assigned the PROTECTED attribute and/or defined as an STC.
The following command is provided as a sample for adding the PROTECTED attribute. Convert this command for any other ESM:
- ALTUSER <stuser> NOPASSWORD NOPHRASE
- ALTUSER <batch user ID> NOPASSWORD NOPHRASE