Rule ID
SV-224308r1141393_rule
Version
V7R2
CCIs
CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to ACF2/CICS parameter datasets (i.e., product, security) could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.
Refer to the following report produced by the ACF2 Data Collection: - SENSITVE.RPT(CICSRPT). Refer to the CICS Systems Programmer Worksheets filled out from previous vulnerability ZCIC0010. WRITE and/or greater access to the ACF2/CICS parameter dataset, specified on the ACF2PARM DD statement, is restricted to systems programming personnel and security personnel. If this guidance is true, this is not a finding.
The ISSO will ensure that WRITE and/or greater access to the ACF2/CICS parameter dataset is limited to systems programmers and security personnel. Review the access authorizations for CICS system datasets. WRITE and/or greater access to the ACF2/CICS parameter dataset, specified on the ACF2PARM DD statement, is restricted to systems programming personnel and security personnel. Example: $KEY(S3C) $PREFIX(SYS3) CICSTS.SYSIN UID(syspaudt) R(A) W(L) A(L) E(A) CICSTS.SYSIN UID(secaaudt) R(A) W(L) A(L) E(A) CICSTS.SYSIN UID(*) PREVENT SET RULE COMPILE 'ACF2.MVA.DSNRULES(S3C)' STORE