← Back to z/OS Front End Processor for ACF2 Security Technical Implementation Guide

V-230187

CAT II (Medium)

NCP (Net Work Control Program) dataset access authorization does not restricts UPDATE and/or ALLOCATE access to appropriate personnel.

Rule ID

SV-230187r1141511_rule

STIG

z/OS Front End Processor for ACF2 Security Technical Implementation Guide

Version

V7R2

CCIs

CCI-001499

Discussion

If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator console, and the diskette drive of the service subsystem. Therefore, they can interfere with the normal operations of the FEPs. Improper control of FEP components could compromise network operations.

Check Content

Refer to the following report produced by the dataset and Resource Data Collection:

- SENSITVE.RPT(NCPRPT).

The ACP dataset rules for NCP datasets allow inappropriate access. If the following guidance is true, this is not a finding.

The ACP dataset rules for NCP datasets restrict WRITE and/or greater access to authorized personnel (e.g., systems programming personnel).

Fix Text

Identify Names of the following datasets used for installation and in development/production environments:

- NCP system datasets.
- NCP source definition datasets.
- NCP load modules.
- NCP host dump datasets.
- NCP utility programs.

Have the ISSO validate that they are properly protected by the ACP and that only authorized personnel are permitted WRITE and/or greater access (e.g., z/OS systems programming personnel).