ACF2/CICS parameter data sets are not protected in accordance with the proper security requirements.

An XCCDF Rule

Description

CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to ACF2/CICS parameter data sets (i.e., product, security) could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.

ID: SV-224308r958616_rule
Version: ZCICA011
Severity: Medium
References: CCI-001499
Updated: about 2 months ago

Remediation Templates

The IAO will ensure that update and allocate access to the ACF2/CICS parameter data set is limited to system programmers and security personnel.

Review the access authorizations for CICS system data sets.

UPDATE and/or ALLOCATE access to the ACF2/CICS parameter data set, specified on the ACF2PARM DD statement, is restricted to systems programming personnel and security personnel.
Example:

$KEY(S3C)    
$PREFIX(SYS3)
CICSTS.SYSIN    UID(syspaudt) R(A)  W(L) A(L)  E(A)
CICSTS.SYSIN    UID(secaaudt) R(A)  W(L) A(L)  E(A)
CICSTS.SYSIN    UID(*) PREVENT

SET RULE
COMPILE 'ACF2.MVA.DSNRULES(S3C)' STORE

ACF2/CICS parameter data sets are not protected in accordance with the proper security requirements.

Description

Remediation Templates

A Manual Procedure