STIG ID - BACF0014: Control Automatic Physical Erasure of Data Sets

Define GSO AUTOERAS to control automatic physical erasure of data sets
Severity
: 2 - Medium
The GSO AUTOERAS record controls if erase-on-scratch processing is performed when you delete data sets. Erase-on-scratch processing provides protection from anyone allocating a new data set at the same location, opening it for input, and reading your data.
The organization must ensure that the GSO AUTOERAS value indicates that
ACF2
is controlling the automatic physical erasure of data sets.
This STIG article addresses how to set
ACF2
to control automatic physical erasure of data sets by defining the GSO AUTOERAS record.
Identify Audit Finding
Complete these steps to determine if you should consider remediation:
Follow these steps:
  1. List the GSO AUTOERAS record to determine if the
    ERASEALL
    and
    PROCESS(SAF)
    fields are defined. These fields control the erase-on-scratch processing.
    SET CONTROL(GSO) CONTROL LIST AUTOERAS XXXX / AUTOERAS LAST CHANGED BY XXXXXXXX on 01/20/20-15:01
    NOERASEALL
    NONONVSAM
    PROCESS(ACF2)
    NOSECLEVEL SECLVL(0) VOLS() NOVSAM CONTROL
    In this example, the
    NONERASEALL
    and
    PROCESS(ACF2)
    are defined, which differs from the suggested field values of
    ERASEALL
    and
    PROCESS(SAF)
    .
    • ERASEALL|
      NOERASEALL
      Valid when PROCESS(SAF) is in effect. This setting controls whether all data sets, including temporary, undergo erase-on-scratch processing during delete or release processing.
      Default
      : NOERASEALL
    • PROCESS(SAF|
      ACF2)
      Specifies how erase-on-scratch processing is to be handled on this system. For
      ACF2
      v16, PROCESS(SAF) is recommended.
  2. If the GSO AUTOERAS record field values are set to ERASEALL and PROCESS(SAF),
    your organization does not have an audit finding.
  3. If the GSO AUTOERAS record field values are
    not
    set to ERASEALL and PROCESS(SAF),
    your organization has an audit finding
    . See Remediate Audit Finding.
Remediate Audit Finding
z/OS System/LPAR Level Mainframe Security Team (ZSECTEAM) is the only role that should have access to change the GSO AUTOERAS control option. Limit all access to change GSO control options to time frames of approved changes and reduced to view only outside of approved change windows.
Follow these steps:
  1. Set the
    GSO AUTOERAS
    record field value to
    ERASEALL
    and
    PROCESS(SAF)
    .
    SET CONTROL(GSO) CONTROL CHANGE AUTOERAS
    ERASEALL PROCESS(SAF)
    F ACF2,REFRESH(AUTOERAS) CONTROL
    The system is now set to SAF and erases data sets automatically before releasing the space for future use.
  2. Verify the GSO AUTOERAS record field values changed:
    SET CONTROL(GSO) CONTROL SHOW AUTOERAS -- AUTOMATIC ERASE OPTIONS --
    ERASE PROCESS=SAF
    -- ACF2 ERASE PROCESS CONFIGURATIONS -- VSAM ERASE=NO NON-VSAM ERASE=NO -- AUTOMATIC ERASE VOLUMES -- NONE SPECIFIED -- SAF ERASE PROCESS CONFIGURATIONS --
    ERASEALL=YES
    SECLEVEL=NO SECLVL NUMBER = 0 CONTROL
Control of automatic physical erasure of data sets is now defined, providing protection from anyone allocating a new data set at the same location, opening it for input, and reading your data. 
Control Correlation Identifier
A Control Correlation Identifier (CCI) list provides a standard identifier and description for each of the singular, actionable statements that comprise a control or best practice. The following CCI is related to this STIG article. For more information, see the National Institute of Standards and Technology website.
CCI's
: CCI-001028 and CCI--1090
CCI
:
CCI-001028
Published Date
:
2009-09-21
Definition
:
The organization sanitizes organization-defined information system media prior to disposal, release out of organizational control, or release for reuse using organization-defined sanitization techniques and procedures in accordance with applicable federal and organizational standards and policies.
Type
:
policy
References
:
NIST: NIST SP 800-53 (v3): MP-6
NIST: NIST SP 800-53 Revision 4 (v4): MP-6 a
NIST SP 800-53A (v1): MP-6.1 (ii)
CCI
:
CCI-001090
Published Date
:
2009-09-21
Definition
:
The information system prevents unauthorized and unintended information transfer via shared system resources.
Type
:
technical
References
:
NIST: NIST SP 800-53 (v3): SC-4
NIST: NIST SP 800-53 Revision 4 (v4): SC-4
NIST: NIST SP 800-53A (v1): SC-4.1