UCF STIG Viewer Logo

Resouce Class ROSRES is not defined or active in the ACP.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18011 ZROST038 SV-24847r1_rule DCCS-1 DCCS-2 Medium
Description
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
STIG Date
z/OS ROSCOE for TSS STIG 2015-01-15

Details

Check Text ( C-26482r1_chk )
a) Refer to the following report produced by the ACP Data Collection:

- TSSCMDS.RPT(#RDT)

b) Ensure that Product Resource Class(es) is (are) defined in the Resource Definition Table as follows:

Note: Identify all of the attributes and charactistics of the Product resource class in the TSS Resource Definition Table (delete this note).

RESOURCE CLASS = ROSRES
RESOURCE CODE = X'hex code'
ATTRIBUTE = MASK|NOMASK,MAXOWN(08),MAXPERMIT(044),ACCESS,DEFPROT
ACCESS = NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000)
ACCESS = WRITE(2000),ALL(FFFF)
DEFACC = READ

c) If all of the items in (b) are true, there is NO FINDING.

d) If any item in (b) is untrue, this is a FINDING.
Fix Text (F-380r1_fix)
The IAO will ensure the Product resource class(es) is (are) defined in the TSS RDT. The IAO will issue one of the following commands to define the Product resource class(es):

TSS REPLACE(RDT) RESCLASS(ROSRES) -
MAXLEN(044) -
ATTR(MASK|NOMASK,DEFPROT) -
ACLST(NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000),WRITE(2000),ALL(FFFF)) -
DEFACC(READ)

TSS ADDTO(RDT) RESCLASS(ROSRES) -
RESCODE(hex-code) -
ATTR(MASK|NOMASK,DEFPROT) -
ACLST(NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000),WRITE(2000),ALL(FFFF)) -
DEFACC(READ)