Documentation - V-223661

V-223661

IBM z/OS RACF Security Technical Implementation Guide

CAT II

Title

IBM RACF started tasks defined with the trusted attribute must be justified.

Description

<VulnDiscussion>Trusted Started tasks bypass RACF checking. It is vital that this attribute is NOT granted to unauthorized Started Tasks which could then obtain unauthorized access to the system. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or customer data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance...

Fix Text (Documentation Requirement)

Review assignment of the TRUSTED attribute in ICHRIN03 and/or the STARTED resource class. Ensure only those trusted STCs that are listed in the IBM z/OS MVS Initialization and Tuning Reference have been granted this authority. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes. While the actual list may vary based on local site requirements and software configuration, the started tasks listed in the IBM z/OS MVS Initialization and Tuning Reference is an approved list of started tasks that may be considered trusted started procedures. Guidelines for reference: Assign the TRUSTED attribute when one of the following conditions applies: -The started procedure or address space creates or accesses a wide variety of unpredictably named data sets ...

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel