OpenControls Logo

STIG Viewer

MVS datasets for the WebSphere Application Server are not protected in accordance with the proper security requirements.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-224349ZWAS0010SV-224349r1141669_ruleCCI-001499medium
Description
MVS datasets provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Failure to properly protect these datasets may lead to unauthorized access. This exposure could compromise the integrity and availability of system services, applications, and customer data.
STIGDate
zOS WebSphere Application Server for ACF2 Security Technical Implementation Guide2025-09-26

Details

Check Text (C-224349r1141669_chk)

Refer to the following reports produced by the dataset and Resource Data Collection: - SENSITVE.RPT(HTTPRPT). - SENSITVE.RPT(WASRPT). If the following dataset controls are in effect for WAS, this is not a finding. The ACP dataset rules restrict WRITE and/or greater access to HTTP product datasets (i.e., SYS1.IMW.AIMW** and SYS1.IMW.SIMW**) is restricted to systems programming personnel. Note: If the HTTP server is not used with WAS, this check can be ignored. The ACP dataset rules restrict WRITE and/or greater access to WAS product datasets and associated product datasets are restricted to systems programming personnel. SYS*.EJS.V3500108.** (WebSphere 3.5) SYS*.WAS.V401.** (WebSphere 4.0.1) SYS*.OE.** (Java) SYS*.JAVA** (Java) SYS*.DB2.V710107.** (DB2) SYS*.GLD.** (LDAP) SYS1.LE.** (Language Environment)

Fix Text (F-26014r1141668_fix)

The ISSO will ensure that WebSphere server datasets restrict WRITE and/or greater access to systems programming personnel. Ensure the following dataset controls are in effect for WAS: WRITE and/or greater access to HTTP product datasets (i.e., SYS1.IMW.AIMW** and SYS1.IMW.SIMW**) are restricted to systems programming personnel. Note: If the HTTP server is not used with WAS, this check can be ignored. WRITE and/or greater access to WAS product datasets and associated product datasets are restricted to systems programming personnel. SYS*.EJS.V3500108.** (WebSphere 3.5) SYS*.WAS.V401.** (WebSphere 4.0.1) SYS*.OE.** (Java) SYS*.JAVA** (Java) SYS*.DB2.V710107.** (DB2) SYS*.GLD.** (LDAP) SYS1.LE.** (Language Environment)