STIG ID - BACF0014: Control Automatic Physical Erasure of Data Sets
Define GSO AUTOERAS to control automatic physical erasure of data sets
Severity: 2 - Medium
The GSO AUTOERAS record controls whether erase-on-scratch processing is performed when a data set is deleted or its space is released. Erase-on-scratch overwrites the data set's extents before the space is returned to the volume, so it protects against anyone who later allocates a new data set at the same location, opens it for input, and reads the residual data.
The organization must ensure that the GSO AUTOERAS record indicates that ACF2 is controlling the automatic physical erasure of data sets.
This STIG article describes how to set ACF2 to control automatic physical erasure of data sets by defining the GSO AUTOERAS record.
Identify Audit Finding
Complete these steps to determine whether remediation is needed:
- List the GSO AUTOERAS record to determine whether the ERASEALL and PROCESS(SAF) fields are defined. These fields control erase-on-scratch processing.

  SET CONTROL(GSO)
  CONTROL
  LIST AUTOERAS
  XXXX / AUTOERAS LAST CHANGED BY XXXXXXXX ON 01/20/20-15:01
  NOERASEALL NONONVSAM PROCESS(ACF2) NOSECLEVEL SECLVL(0) VOLS() NOVSAM
  CONTROL

  In this example, NOERASEALL and PROCESS(ACF2) are defined, which differs from the required field values of ERASEALL and PROCESS(SAF).
- ERASEALL|NOERASEALL: Valid when PROCESS(SAF) is in effect. This setting controls whether all data sets, including temporary data sets, undergo erase-on-scratch processing during delete or release processing. Default: NOERASEALL
- PROCESS(SAF|ACF2): Specifies how erase-on-scratch processing is handled on this system. For ACF2 v16, PROCESS(SAF) is recommended.
- If the GSO AUTOERAS record field values are set to ERASEALL and PROCESS(SAF), your organization does not have an audit finding.
- If the GSO AUTOERAS record field values are not both set to ERASEALL and PROCESS(SAF) (including the defaults NOERASEALL or PROCESS(ACF2)), your organization has an audit finding. See Remediate Audit Finding.
Remediate Audit Finding
The z/OS System/LPAR Level Mainframe Security Team (ZSECTEAM) is the only role that should have access to change the GSO AUTOERAS control option. Limit access to change GSO control options to approved change windows, and reduce it to view-only access outside those windows.
Follow these steps:
- Set the GSO AUTOERAS record field values to ERASEALL and PROCESS(SAF), then refresh the in-storage copy of the record so the change takes effect:

  SET CONTROL(GSO)
  CONTROL
  CHANGE AUTOERAS ERASEALL PROCESS(SAF)
  F ACF2,REFRESH(AUTOERAS)
  CONTROL

  The system now uses SAF erase processing and erases data sets automatically before releasing their space for future use.
- Verify that the GSO AUTOERAS record field values changed:

  SET CONTROL(GSO)
  CONTROL
  SHOW AUTOERAS
  -- AUTOMATIC ERASE OPTIONS --
  ERASE PROCESS=SAF
  -- ACF2 ERASE PROCESS CONFIGURATIONS --
  VSAM ERASE=NO NON-VSAM ERASE=NO
  -- AUTOMATIC ERASE VOLUMES --
  NONE SPECIFIED
  -- SAF ERASE PROCESS CONFIGURATIONS --
  ERASEALL=YES SECLEVEL=NO SECLVL NUMBER = 0
  CONTROL

  ERASE PROCESS=SAF and ERASEALL=YES are the values that clear the finding.
Control of automatic physical erasure of data sets is now defined, providing protection from anyone allocating a new data set at the same location, opening it for input, and reading your data.
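The Identify and Remediate steps above are manual, but the same check can be scripted when you review many LPARs. The following is an added example written for this article, not code from the STIG or from ACF2: it parses the text returned by CONTROL LIST AUTOERAS (the record fields) and by CONTROL SHOW AUTOERAS (the effective options), reports whether ERASEALL and PROCESS(SAF) are in effect, and builds the minimal CHANGE AUTOERAS command for whatever is missing. The two sample outputs are constructed to match the listings above; on a real system you would capture the command output and feed it in.

```python
"""
Added example: a checker for the GSO AUTOERAS finding.
It parses CONTROL LIST AUTOERAS output (record fields) and CONTROL SHOW
AUTOERAS output (effective options), decides whether ERASEALL and
PROCESS(SAF) are both in effect, and builds the remediation commands.
The sample outputs below are constructed for this example.
"""
import re

# Field tokens as they appear in CONTROL LIST AUTOERAS output.
ERASEALL_TOKEN = re.compile(r"\b(NO)?ERASEALL\b")
PROCESS_TOKEN = re.compile(r"\bPROCESS\((SAF|ACF2)\)")
# KEY=VALUE pairs as they appear in CONTROL SHOW AUTOERAS output,
# e.g. "ERASE PROCESS=SAF", "NON-VSAM ERASE=NO", "SECLVL NUMBER = 0".
SHOW_PAIR = re.compile(r"([A-Z][A-Z-]*(?: [A-Z][A-Z-]*)*)\s*=\s*([A-Z0-9]+)")

# Constructed sample: the non-compliant record from the Identify step.
SAMPLE_LIST_NONCOMPLIANT = """\
XXXX / AUTOERAS LAST CHANGED BY XXXXXXXX ON 01/20/20-15:01
NOERASEALL NONONVSAM PROCESS(ACF2) NOSECLEVEL SECLVL(0) VOLS() NOVSAM
"""

# Constructed sample: the compliant SHOW output after remediation.
SAMPLE_SHOW_COMPLIANT = """\
-- AUTOMATIC ERASE OPTIONS --
ERASE PROCESS=SAF
-- ACF2 ERASE PROCESS CONFIGURATIONS --
VSAM ERASE=NO NON-VSAM ERASE=NO
-- AUTOMATIC ERASE VOLUMES --
NONE SPECIFIED
-- SAF ERASE PROCESS CONFIGURATIONS --
ERASEALL=YES SECLEVEL=NO SECLVL NUMBER = 0
"""


def parse_list_output(text):
    """Extract ERASEALL (bool) and PROCESS ('SAF'/'ACF2') from LIST output."""
    fields = {}
    m = ERASEALL_TOKEN.search(text)
    if m:
        fields["ERASEALL"] = m.group(1) is None  # NOERASEALL -> False
    m = PROCESS_TOKEN.search(text)
    if m:
        fields["PROCESS"] = m.group(1)
    return fields


def parse_show_output(text):
    """Extract the same two settings from SHOW output (KEY=VALUE form)."""
    pairs = dict(SHOW_PAIR.findall(text))
    fields = {}
    if "ERASEALL" in pairs:
        fields["ERASEALL"] = pairs["ERASEALL"] == "YES"
    if "ERASE PROCESS" in pairs:
        fields["PROCESS"] = pairs["ERASE PROCESS"]
    return fields


def is_compliant(fields):
    """No finding only when ERASEALL and PROCESS(SAF) are both present.
    A field that could not be parsed is treated as a finding, never as good."""
    return fields.get("ERASEALL") is True and fields.get("PROCESS") == "SAF"


def remediation_commands(fields):
    """Build the CHANGE AUTOERAS operands that are actually needed, plus the
    refresh that makes the changed record effective. Empty when compliant."""
    operands = []
    if fields.get("ERASEALL") is not True:
        operands.append("ERASEALL")
    if fields.get("PROCESS") != "SAF":
        operands.append("PROCESS(SAF)")
    if not operands:
        return []
    return [
        "SET CONTROL(GSO)",
        "CHANGE AUTOERAS " + " ".join(operands),
        "F ACF2,REFRESH(AUTOERAS)",
    ]


if __name__ == "__main__":
    before = parse_list_output(SAMPLE_LIST_NONCOMPLIANT)
    print("before:", before, "compliant:", is_compliant(before))
    for cmd in remediation_commands(before):
        print("  ", cmd)
    after = parse_show_output(SAMPLE_SHOW_COMPLIANT)
    print("after: ", after, "compliant:", is_compliant(after))
```

The parsers deliberately fail closed: if either token is absent from the captured output (a truncated screen, a different release formatting the record differently), the record is reported as a finding rather than assumed compliant, which is the right default for an audit check.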
Control Correlation Identifier
A Control Correlation Identifier (CCI) list provides a standard identifier and description for each of the singular, actionable statements that comprise a control or best practice. The following CCIs are related to this STIG article. For more information, see the National Institute of Standards and Technology website.
CCIs: CCI-001028 and CCI-001090
CCI-001028: The organization sanitizes organization-defined information system media prior to disposal, release out of organizational control, or release for reuse using organization-defined sanitization techniques and procedures in accordance with applicable federal and organizational standards and policies.
NIST SP 800-53 (v3): MP-6
NIST SP 800-53 Revision 4 (v4): MP-6 a
NIST SP 800-53A (v1): MP-6.1 (ii)
CCI-001090: The information system prevents unauthorized and unintended information transfer via shared system resources.
NIST SP 800-53 (v3): SC-4
NIST SP 800-53 Revision 4 (v4): SC-4
NIST SP 800-53A (v1): SC-4.1