Rule ID
SV-224349r1141669_rule
Version
V7R2
CCIs
CCI-001499
MVS datasets provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Failure to properly protect these datasets may lead to unauthorized access. This exposure could compromise the integrity and availability of system services, applications, and customer data.
Refer to the following reports produced by the dataset and Resource Data Collection: - SENSITVE.RPT(HTTPRPT). - SENSITVE.RPT(WASRPT). If the following dataset controls are in effect for WAS, this is not a finding. The ACP dataset rules restrict WRITE and/or greater access to HTTP product datasets (i.e., SYS1.IMW.AIMW** and SYS1.IMW.SIMW**) is restricted to systems programming personnel. Note: If the HTTP server is not used with WAS, this check can be ignored. The ACP dataset rules restrict WRITE and/or greater access to WAS product datasets and associated product datasets are restricted to systems programming personnel. SYS*.EJS.V3500108.** (WebSphere 3.5) SYS*.WAS.V401.** (WebSphere 4.0.1) SYS*.OE.** (Java) SYS*.JAVA** (Java) SYS*.DB2.V710107.** (DB2) SYS*.GLD.** (LDAP) SYS1.LE.** (Language Environment)
The ISSO will ensure that WebSphere server datasets restrict WRITE and/or greater access to systems programming personnel. Ensure the following dataset controls are in effect for WAS: WRITE and/or greater access to HTTP product datasets (i.e., SYS1.IMW.AIMW** and SYS1.IMW.SIMW**) are restricted to systems programming personnel. Note: If the HTTP server is not used with WAS, this check can be ignored. WRITE and/or greater access to WAS product datasets and associated product datasets are restricted to systems programming personnel. SYS*.EJS.V3500108.** (WebSphere 3.5) SYS*.WAS.V401.** (WebSphere 4.0.1) SYS*.OE.** (Java) SYS*.JAVA** (Java) SYS*.DB2.V710107.** (DB2) SYS*.GLD.** (LDAP) SYS1.LE.** (Language Environment)