Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Batch job user Ids must be properly defined.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-17839 | RACF0595 | SV-19114r3_rule | Medium |
| Description |
|---|
| Batch jobs are submitted to the operating system under their own USERID. This will identify the batch job with the user for the purpose of accessing resources. BATCHALLRACF ensures that a valid USERID is associated with batch jobs. Jobs that are submitted to the operating system via a scheduling facility must also be identified to the system. Without a batch job having an associated USERID, access to system resources will be limited. |
| STIG | Date |
|---|---|
| z/OS RACF STIG | 2017-03-22 |
Details
| Check Text ( C-19366r3_chk ) |
|---|
| Refer to the documentation of the processes used for submission of batch jobs via an automated process (i.e., scheduler or other sources) and each of the associated user IDs. From a command input screen enter: LISTUSER(each identified batch job) Alternately: Refer to the following report produced by the RACF Data Collection: - RACFCMDS.RPT(LISTUSER) The following USERID record fields/attributes must be specified: NAME PROTECTED No USERID has the LAST-ACCESS field set to UNKNOWN. If both of the above are true, this is not a finding. If either of the USERID record fields/attributes (NAME and/or PROTECTED) are blank and/or the LAST ACCESS field is set to unknown, this is a finding. |
| Fix Text (F-17759r2_fix) |
|---|
| Ensure the following: Associated USERIDs exist for all batch jobs and documentation authorizing access to system resources is maintained and implemented. Set up the userids with the RACF PROTECTED attribute. A sample RACF command to accomplish is shown here: ALU |