STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM z/OS ACF2 Security Technical Implementation Guide

V-223485

CAT II (Medium)

IBM z/OS Started Tasks must be properly identified and defined to ACF2.

Rule ID

SV-223485r991589_rule

STIG

IBM z/OS ACF2 Security Technical Implementation Guide

Version

V9R8

CCIs

CCI-000764

Discussion

Started procedures have system generated job statements that do not contain the user, group, or password statements. To enable the started procedure to access the same protected resources that users and groups access, started procedures must have an associated USERID. If a USERID is not associated with the started procedure, the started procedure will not have access to the resources. To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.

Check Content

Refer to the site security plan, the system administrator, and system libraries to determine list of stated tasks available on the system.

From the ACF command screen enter:
SET LID 
SET VERBOSE 
LIST IF(STC)

If all logonids identified as started tasks have the STC attribute specified, this is not a finding.

Fix Text

All started tasks will be assigned an individual logonid. The logonid for a Started Task Control (STC) will be granted the minimum privileges necessary for the STC to function. In addition to the default LID field settings, all STC logonids will have the following field setting:

STC

Example:
SET LID
INSERT logonid STC