STIG ID - BACF1032: Limit Access to SYS1.UADS

Severity: 1 - High
The SYS1.UADS data set contains users authorized to access the mainframe system in case of an emergency. The data set ensures that logon processing can occur when ACF2 is not functional. Unauthorized access could result in the compromise of your organization's operating system environment, external security manager, and customer data. SYS1.UADS contains the emergency userid and password in the clear.
Your organization must ensure the following:
  • Write or greater access to the SYS1.UADS data set is limited to system programmers, and only when SYS1.UADS maintenance is required; all activity against the data set is logged. Upon completion of maintenance, access must be removed.
  • Read and write access must be limited to ACF2 security administrators, and only during the time that updates to SYS1.UADS are required.
This STIG article shows how to review access authorizations to the SYS1.UADS data set, how to limit write or greater access to only system programmers, and how to log all activity.
Identify Audit Finding
Review the following data to determine if you should consider remediation:
Follow these steps:
  1. Review access to the SYS1.UADS data set and ensure the following:
    1. Write or greater access is limited to system programmers for maintenance periods only.
    2. Read and write access is limited to ACF2 security administrators only during the times that updates to SYS1.UADS are required.
    3. All access is logged.
    Example ACF ACCESS subcommand output for the data set:
    ACF
    ACCESS DSN('SYS1.UADS')
    ACCESS Subcommand Results as of 08/07/20-3:20 for: SYS1.UADS
    $Key: SYS1
    Ruleline: SYS1.UADS UID(*****SYSPROG) READ(A) WRITE(L) ALLOC(L) EXEC(A)
    ACF
    In this example, the system programmer (SYSPROG) has read, write, and allocate access to the SYS1.UADS data set and all activity is logged.
  2. If 1a and 1c are true, your organization does not have an audit finding.
  3. If 1a, 1b, or 1c are not true, your organization has an audit finding. See Remediate Audit Finding.
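The review in step 1 can be scripted against saved ACF ACCESS output. The following is an added example (not part of the STIG text or an ACF2 tool) that parses the Ruleline entries in the format shown above and reports any WRITE or ALLOC permission that is either granted to a UID outside an assumed, installation-specific set of system programmer and security administrator masks, or granted without logging. The sample output and the PRIVILEGED_UIDS set are constructed for illustration; READ(A) is treated as acceptable, as in the page's own example.

```python
import re

# Constructed sample of ACF ACCESS subcommand output, modelled on the
# format shown in the review step above (not captured from a real system).
SAMPLE_OUTPUT = """\
ACCESS Subcommand Results as of 08/07/20-3:20 for: SYS1.UADS
$Key: SYS1
Ruleline: SYS1.UADS UID(*****SYSPROG) READ(A) WRITE(L) ALLOC(L) EXEC(A)
Ruleline: SYS1.UADS UID(*****SECADM)  READ(L) WRITE(L) ALLOC(P) EXEC(P)
Ruleline: SYS1.UADS UID(-)            READ(A) WRITE(A) ALLOC(P) EXEC(P)
"""

# Assumed (hypothetical) UID masks that identify system programmers and
# ACF2 security administrators at this installation.
PRIVILEGED_UIDS = {"*****SYSPROG", "*****SECADM"}

# One rule line: "Ruleline: <dsn> UID(<mask>) READ(x) WRITE(x) ALLOC(x) EXEC(x)"
RULE_RE = re.compile(r"Ruleline:\s+(\S+)\s+UID\((\S+)\)\s+(.*)")
# Access values: A = allow, L = allow and log, P = prevent
PERM_RE = re.compile(r"(READ|WRITE|ALLOC|EXEC)\(([ALP])\)")


def parse_rulelines(text):
    """Return a list of (dsn, uid_mask, {permission: value}) tuples."""
    rules = []
    for m in RULE_RE.finditer(text):
        perms = dict(PERM_RE.findall(m.group(3)))
        rules.append((m.group(1), m.group(2), perms))
    return rules


def evaluate(text, privileged=PRIVILEGED_UIDS):
    """Return a list of finding strings; an empty list means no finding.

    Checks only the static rule content (who may write/allocate, and whether
    it is logged); the 'maintenance periods only' condition must still be
    verified from change records.
    """
    findings = []
    for _dsn, uid, perms in parse_rulelines(text):
        for perm in ("WRITE", "ALLOC"):
            value = perms.get(perm, "P")
            if value == "P":
                continue  # prevented: write-or-greater not granted
            if uid not in privileged:
                findings.append(f"{uid}: {perm}({value}) granted outside the privileged UID set")
            if value != "L":
                findings.append(f"{uid}: {perm}({value}) is not logged")
    return findings


if __name__ == "__main__":
    for line in evaluate(SAMPLE_OUTPUT) or ["no finding"]:
        print(line)
```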
Remediate Audit Finding
The Information System Security Officer (ISSO) is responsible for ensuring that write or greater access to the SYS1.UADS data set is limited to system programmers and all activity is logged.
Follow these steps:
  1. Evaluate the impact of correcting the deficiency and develop a plan of action to implement the required changes.
  2. Implement controls so that only system programmers are authorized for write or greater access to the SYS1.UADS data set:
    $KEY(SYS1) UADS UID(*****SYSPROG) READ(A) WRITE(L) ALLOC(L) EXEC(A)
    or
    $KEY(SYS1) ROLESET UADS ROLE(ZSYSPROG) READ(A) WRITE(L) ALLOC(L) EXEC(A)
    The SYSPROG is now authorized to update and alter the SYS1.UADS data set, with write and allocate activity logged.
Implementing controls to the SYS1.UADS data set protects your organization's operating system environment, external security manager, and customer data.
Control Correlation Identifier (CCI)
A Control Correlation Identifier (CCI) list provides a standard identifier and description for each of the singular, actionable statements that comprise a control or best practice. The following CCIs are related to this STIG. For more information, see the National Institute of Standards and Technology website.
CCIs: CCI-000213, CCI-002234

CCI: CCI-000213
Published Date: 2009-09-14
Definition: The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Type: technical
References:
  NIST: NIST SP 800-53 (v3): AC-3
  NIST: NIST SP 800-53 Revision 4 (v4): AC-3
  NIST: NIST SP 800-53A (v1): AC-3.1

CCI: CCI-002234
Published Date: 2013-06-24
Definition: The information system audits the execution of privileged functions.
Type: technical
References:
  NIST: NIST SP 800-53 Revision 4 (v4): AC-6 (9)