STIG ID - BACF1035: Limit Access to System Dump Data Set

Severity
: 1- High
System dump data sets are used to record system data areas and virtual storage associated with system task failures. System dumps are helpful in error diagnostic and reporting. Unauthorized access could result in the compromise of your organization's operating system environment, external security manager, and customer data.
The organization must ensure that write or greater access to system dump data sets is limited to system programmers and access to JES2 system data sets must be logged, unless a letter justifying access is filed with the Information System Security Officer (ISSO).
This STIG article shows how to review access authorizations to system dump data sets, how to limit write or greater access to only system programmers, and how to log all activity.
Identify Audit Finding
Review the following data to determine if you should consider remediation.
Follow these steps
:
  1. Review the data set rules for all system dump data sets and ensure the following:
    • Write or greater access is limited to system programmers.
    • All access is logged.
    ACF ACCESS DSN('SYS1.DUMP001') ACCESS Subcommand Results as of 08/05/20-12:20 for: SYS1.DUMP001 $Key: SYS1 Ruleline: DUMP UID(*****SYSPROG) READ(A) WRITE(L) ALLOC(L) EXEC(A) ACF
    In this example, the system programmer (SYSPROG) has read, write, and allocate access to the system dump data sets and all activity is logged.
  2. If write or greater access to the system dump data sets is limited to system programmers and all access activity is logged,
    your organization does not have an audit finding.
  3. If the ISSO has a letter justifying access to system dump data sets to someone other than the system programmer,
    your organization does not have an audit finding.
  4. If write or greater access to system dump data sets is not limited to system programmers and all access activity is
    not
    logged,
    your organization has an audit finding.
    See Remediate Audit Findings.
Remediate Audit Finding
The Information System Security Officer (ISSO) is responsible for ensuring that write or greater access to system dump data sets is limited to system programmers and all activity is logged.
Follow these steps:
  1. Evaluate the impact of correcting the deficiency and develop a plan of action to implement the required changes.
  2. Implement controls to specify only system programmers are authorized to write or greater access to system dump data sets:
    $KEY(SYS1) DUMP UID(*****SYSPROG) READ(l) WRITE(L) ALLOC(L) EXEC(L)
    or
    $KEY(SYS1) ROLESET DUMP ROLE(ZSYSPROG) READ(L) WRITE(L) ALLOC(L) EXEC(L)
Implementing controls to system dump data sets protects your organization's operating system environment, external security manager, and customer data.
Control Correlation Identifier (CCI)
A Control Correlation Identifier (CCI) list provides a standard identifier and description for each of the singular, actionable statements that comprise a control or best practice. The following CCIs are related to this STIG. For more information, see the National Institute of Standards and Technology website.
CCIs
: CCI-000213, CCI-002234
CCI
:
CCI-000213
Published Date
:
2009-09-14
Definition
:
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Type
:
technical
References
:
NIST: NIST SP 800-53 (v3): AC-3
NIST: NIST SP 800-53 Revision 4 (v4): AC-3
NIST: NIST SP 800-53A (v1): AC-3.1
CCI
:
CCI-002234
Published Date
:
2013-06-24
Definition
:
The information system audits the execution of privileged functions.
Type
:
technical
References
:
NIST: NIST SP 800-53 Revision 4 (v4): AC-6 (9)