Resource Class ROSRES is not defined or active in the Access Control Program (ACP).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-225604 | ZROST038 | SV-225604r1070311_rule | Medium |
| Description |
| Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data. |
| STIG | Date |
| z/OS ROSCOE for TSS Security Technical Implementation Guide | 2025-03-05 |
Details
| Check Text (C-27304r1070309_chk) |
| Refer to the following report produced by the ACP Data Collection: - TSSCMDS.RPT(#RDT) Ensure that Product Resource Class(es) is (are) defined in the Resource Definition Table as follows: Note: Identify all of the attributes and characteristics of the Product resource class in the TSS Resource Definition Table (delete this note). RESOURCE CLASS = ROSRES RESOURCE CODE = X'hex code' ATTRIBUTE = MASK|NOMASK,MAXOWN(08),MAXPERMIT(044),ACCESS,DEFPROT ACCESS = NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000) ACCESS = WRITE(2000),ALL(FFFF) DEFACC = READ If all of the items in (b) are true, this is not a finding. If any item in (b) is untrue, this is a finding. |
| Fix Text (F-27292r1070310_fix) |
| The ISSO will ensure the Product resource class(es) is (are) defined in the TSS RDT. The ISSO will issue one of the following commands to define the Product resource class(es): TSS REPLACE(RDT) RESCLASS(ROSRES) - MAXLEN(044) - ATTR(MASK|NOMASK,DEFPROT) - ACLST(NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000),WRITE(2000),ALL(FFFF)) - DEFACC(READ) TSS ADDTO(RDT) RESCLASS(ROSRES) - RESCODE(hex-code) - ATTR(MASK|NOMASK,DEFPROT) - ACLST(NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000),WRITE(2000),ALL(FFFF)) - DEFACC(READ) |