Rule ID
SV-224346r1141651_rule
Version
V7R2
CCIs
Tivoli Asset Discovery for z/OS (TADz) requires a started task(s) that will be restricted to certain resources, datasets and other system functions. By defining the started task as a userid to the system Access Control Program (ACP), it allows the ACP to control the access and authorized users that require these capabilities. Failure to properly control these capabilities, could compromise of the operating system environment, ACP, and customer data.
Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(LOGONIDS). Verify that the logonid(s) for the TADz started task(s) is (are) properly defined. If the following attributes are defined, this is not a finding. For each STC logonid: STC For each Batch logonid: JOB
The TADz systems programmer and the ISSO will ensure that a product's Started Task(s) is properly identified / defined to the System ACP. If the product requires a Started Task, verify that it is properly defined to the System ACP with the proper attributes. Most installation manuals will indicate how the Started Task is identified and any additional attributes that must be specified. Example: SET LID CHANGE TADZMON STC