STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to z/OS Compuware Abend-AID for ACF2 Security Technical Implementation Guide

V-224292

CAT II (Medium)

Compuware Abend-AID user datasets must be properly protected.

Rule ID

SV-224292r1141335_rule

STIG

z/OS Compuware Abend-AID for ACF2 Security Technical Implementation Guide

Version

V7R2

CCIs

CCI-001499

Discussion

Compuware Abend-AID user datasets have the ability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to these datasets could result in violating the integrity of the base product, which could result in compromising the operating system or sensitive data.

Check Content

Refer to the following report produced by the dataset and Resource Data Collection:

- SENSITVE.RPT(AIDUSER).

Automated Analysis
Refer to the following report produced by the dataset and Resource Data Collection:

- PDI(ZAID0002).

Verify that the accesses to the following Compuware Abend-AID user datasets are properly restricted. If the following guidance is true, this is not a finding.

Region dump datasets
Report databases
Source listing files/source listing shared directories

The ACF2 dataset rules for the listed datasets restrict READ access to auditors.

The ACF2 dataset rules for the listed datasets restrict WRITE and/or greater access to systems programming personnel.

The ACF2 dataset rules for the listed datasets restrict WRITE and/or greater access to the Compuware Abend-AID's STC(s) and/or batch user(s).

The ACF2 dataset rules for the listed datasets restrict WRITE access to application development programmers and Application Production Support Team members.

Fix Text

Ensure that WRITE and/or greater access to Compuware Abend-AID user datasets is limited to systems programmers and Compuware Abend-AID STC(s) and/or batch user(s) only. 

Ensure that WRITE access to Compuware Abend-AID user datasets is limited to application development programmers and Application Production Support Team members. READ access can be given to auditors.

(Note: The datasets and/or dataset prefixes identified below are examples of a possible installation. The actual datasets and/or prefixes are determined when the product is installed on a system through the product's installation guide and can be site specific.)

Datasets to be protected will be:
Region dump datasets
Report databases
Source listing files/source listing shared directories

The following commands are provided as a sample for implementing dataset controls:

$KEY(S3A) 
$PREFIX(SYS3)
ABENDAID.SHARED-.- UID(appdaudt) R(A) W(A)
ABENDAID.SHARED-.- UID(appsaudt) R(A) W(A)
ABENDAID.SHARED-.- UID(AbendAID STCs) R(A) W(A) A(A) E(A)
ABENDAID.SHARED-.- UID(syspaudt) R(A) W(A) A(A) E(A)

ABENDAID.SHARED-.- UID(tstcaudt) R(A) W(A) A(A) E(A)
ABENDAID.SHARED-.- UID(audtaudt) R(A)
ABENDAID.REPORTDB-.- UID(appdaudt) R(A) W(A)
ABENDAID.REPORTDB-.- UID(appsaudt) R(A) W(A)
ABENDAID.REPORTDB-.- UID(AbendAID STCs) R(A) W(A) A(A) E(A)
ABENDAID.REPORTED-.- UID(syspaudt) R(A) W(A) A(A) E(A)
ABENDAID.REPORTED-.- UID(tstcaudt) R(A) W(A) A(A) E(A) 
ABENDAID.REPORTDB-.- UID(audtaudt) R(A)

SET RULE
COMPILE 'ACF2.MVA.DSNRULES(S3A)' STORE