Resource Class ROSRES is not defined or active in the Access Control Program (ACP).
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-225604 | SRG-OS-000309 | ZROST038 | SV-225604r1070311_rule | 2025-03-05 | 7 |
| Description |
|---|
| Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data. |
| ℹ️ Check |
|---|
| Refer to the following report produced by the ACP Data Collection: - TSSCMDS.RPT(#RDT) Ensure that Product Resource Class(es) is (are) defined in the Resource Definition Table as follows: Note: Identify all of the attributes and characteristics of the Product resource class in the TSS Resource Definition Table (delete this note). RESOURCE CLASS = ROSRES RESOURCE CODE = X'hex code' ATTRIBUTE = MASK|NOMASK,MAXOWN(08),MAXPERMIT(044),ACCESS,DEFPROT ACCESS = NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000) ACCESS = WRITE(2000),ALL(FFFF) DEFACC = READ If all of the items in (b) are true, this is not a finding. If any item in (b) is untrue, this is a finding. |
| ✔️ Fix |
|---|
| The ISSO will ensure the Product resource class(es) is (are) defined in the TSS RDT. The ISSO will issue one of the following commands to define the Product resource class(es): TSS REPLACE(RDT) RESCLASS(ROSRES) - MAXLEN(044) - ATTR(MASK|NOMASK,DEFPROT) - ACLST(NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000),WRITE(2000),ALL(FFFF)) - DEFACC(READ) TSS ADDTO(RDT) RESCLASS(ROSRES) - RESCODE(hex-code) - ATTR(MASK|NOMASK,DEFPROT) - ACLST(NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000),WRITE(2000),ALL(FFFF)) - DEFACC(READ) |