The Mainframe Product must prevent software as identified in the site security plan from executing at higher privilege levels than users executing the software.
An XCCDF Rule
Description
<VulnDiscussion>In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-205545r851313_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Using information from the Mainframe Product about privileged function, configure the external security manager to enforce submitting jobs on behalf of another user parameters.