Documentation - V-223967

Title

The CA-TSS BYPASS attribute must be limited to trusted STCs only.

Description

<VulnDiscussion>Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. Privileged functions include, for example, establishing accounts, performing system integrity checks, or administering cryptographic key management activities. Non-privileged users are individuals that do not possess appropriate authorizations. Circumventing intrusion detection and prevention m...

Fix Text (Documentation Requirement)

Review the STC record for ACIDs with the BYPASS attribute. Ensure only those trusted STCs that are listed in the IBM z/OS MVS Initialization and Tuning Reference, have been granted this authority. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes. Trusted STCs: While the actual list may vary based on local site requirements and software configuration, the started tasks listed in the IBM z/OS MVS Initialization and Tuning Reference is an approved list of started tasks that may be considered trusted started procedures. Guidelines for reference: Assign the TRUSTED attribute when one of the following conditions applies: -The started procedure or address space creates or accesses a wide variety of unpredictably named data sets within your ...