Resource Class ROSRES is not defined or active in the Access Control Program (ACP).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-225604 | ZROST038 | SV-225604r1146143_rule | CCI-000336 | medium |
| Description | ||||
| Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data. | ||||
| STIG | Date | |||
| z/OS ROSCOE for TSS Security Technical Implementation Guide | 2025-09-28 | |||
Details
Check Text (C-225604r1146143_chk)
Refer to the following report produced by the ACP Data Collection:
- TSSCMDS.RPT(#RDT).
If the ROSCOE Resource Class(es) is (are) defined in the Resource Definition Table (RDT) as follows, this is not a finding.
RESOURCE CLASS = ROSRES
RESOURCE CODE = X'hex code'
ATTRIBUTE = MASK|NOMASK,MAXOWN(08),MAXPERMIT(044),ACCESS,DEFPROT
ACCESS = NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000)
ACCESS = WRITE(2000),ALL(FFFF)
DEFACC = READ
Fix Text (F-27292r1070310_fix)
The ISSO will ensure the Product resource class(es) is (are) defined in the TSS RDT. The ISSO will issue one of the following commands to define the Product resource class(es):
TSS REPLACE(RDT) RESCLASS(ROSRES) -
MAXLEN(044) -
ATTR(MASK|NOMASK,DEFPROT) -
ACLST(NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000),WRITE(2000),ALL(FFFF)) -
DEFACC(READ)
TSS ADDTO(RDT) RESCLASS(ROSRES) -
RESCODE(hex-code) -
ATTR(MASK|NOMASK,DEFPROT) -
ACLST(NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000),WRITE(2000),ALL(FFFF)) -
DEFACC(READ)