STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to z/OS ROSCOE for TSS Security Technical Implementation Guide

V-225599

CAT II (Medium)

ROSCOE STC data sets are not properly protected.

Rule ID

SV-225599r1146130_rule

STIG

z/OS ROSCOE for TSS Security Technical Implementation Guide

Version

V7R2

CCIs

CCI-001499

Discussion

ROSCOE STC data sets provide the capability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to their data sets could result in violating the integrity of the base product which could result in compromising the operating system or sensitive data.

Check Content

Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(ROSSTC).

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZROS0001).

Verify that access to the ROSCOE STC data sets are properly restricted. The data sets in this group are the data sets identified in the ROSACTxx (if used), ROSLIBxx, and SYSAWSx DD statements of the STC or batch JCL. If the following guidance is true, this is not a finding.
 
The TSS data set rules for the data sets restrict WRITE and/or greater access to systems programming personnel.

The TSS data set rules for the data sets restrict WRITE and/or greater access to the product STC(s) and/or batch job(s).

Fix Text

The ISSO will ensure that WRITE and/or greater/create access to the ROSCOE started task or batch job data sets is limited to systems programmers and the started task only and all WRITE and/or greater/create access is logged.

The ISSO will ensure that all other accesses to the ROSCOE started task or batch job data sets are properly restricted and all required accesses are properly logged.

Data sets to be protected will be

SYS3.ROSCOE.SYS**
SYS3.ROSCOE.ROSLIB**

The following commands are provided as a sample for implementing data set controls: 

TSS ADD(SYS3) DSN(SYS3) 
TSS PER(syspaudt) DSN(SYS3.ROSCOE.SYS) ACC(R) 
TSS PER(syspaudt) DSN(SYS3.ROSCOE.SYS) ACC(A) ACTION(AUDIT)
TSS PER(roscoe stc) DSN(SYS3.ROSCOE.SYS) ACC(R) 
TSS PER(roscoe stc) DSN(SYS3.ROSCOE.SYS) ACC(A) ACTION(AUDIT)
TSS PER(syspaudt) DSN(SYS3.ROSCOE.ROSLIB) ACC(R)
TSS PER(syspaudt) DSN(SYS3.ROSCOE.ROSLIB) ACC(A) ACTION(AUDIT)
TSS PER(roscoe stc) DSN(SYS3.ROSCOE.ROSLIB) ACC(R)
TSS PER(roscoe stc) DSN(SYS3.ROSCOE.ROSLIB) ACC(A) ACTION(AUDIT)