STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM z/OS ACF2 Security Technical Implementation Guide

V-223623

CAT II (Medium)

IBM z/OS UNIX MVS data sets with z/OS UNIX components must be properly protected.

Rule ID

SV-223623r1137691_rule

STIG

IBM z/OS ACF2 Security Technical Implementation Guide

Version

V9R8

CCIs

CCI-000213CCI-001499

Discussion

Access control policies include: identity-based policies, role-based policies, and attribute-based policies. Access enforcement mechanisms include: access control lists, access control matrices, and cryptography. These policies and mechanisms must be employed by the application to control access between users (or processes acting on behalf of users) and objects (e.g., devices, files, records, processes, programs, and domains) in the information system. Satisfies: SRG-OS-000080-GPOS-00048, SRG-OS-000259-GPOS-00100

Check Content

If the ESM data set rules for each of the data sets listed in the table below restrict UPDATE and ALLOCATE access to systems programming personnel, this is not a finding.

MVS DATA SETS WITH z/OS UNIX COMPONENTS
DATA SET NAME/MASK    MAINTENANCE TYPE    FUNCTION
SYS1.ABPX*            Distribution        IBM z/OS UNIX ISPF panels, messages, tables, clists
SYS1.AFOM*            Distribution        IBM z/OS UNIX Application Services
SYS1.BPA.ABPA*        Distribution        IBM z/OS UNIX Connection Scaling Process Mgr.
SYS1.CMX.ACMX*        Distribution        IBM z/OS UNIX Connection Scaling Connection Mgr.
SYS1.SBPX*            Target              IBM z/OS UNIX ISPF panels, messages, tables, clists
SYS1.SFOM*            Target              IBM z/OS UNIX Application Services
SYS1.CMX.SCMX*        Target              IBM z/OS UNIX Connection Scaling Connection Mgr.

Fix Text

Define ESM data set rules for each of the data sets listed in the table below restrict UPDATE and ALLOCATE access to systems programming personnel.

The data sets designated as distribution data sets should have all access restricted to systems programming personnel. TSO/E users who also use z/OS UNIX should have read access to the SYS1.SBPX* data sets. Read access for all users to the remaining target data sets is at the site's discretion. All other access must be restricted to systems programming personnel.

MVS DATA SETS WITH z/OS UNIX COMPONENTS
DATA SET NAME/MASK    MAINTENANCE TYPE    FUNCTION
SYS1.ABPX*            Distribution        IBM z/OS UNIX ISPF panels, messages, tables, clists
SYS1.AFOM*            Distribution        IBM z/OS UNIX Application Services
SYS1.BPA.ABPA*        Distribution        IBM z/OS UNIX Connection Scaling Process Mgr.
SYS1.CMX.ACMX*        Distribution        IBM z/OS UNIX Connection Scaling Connection Mgr.
SYS1.SBPX*            Target              IBM z/OS UNIX ISPF panels, messages, tables, clists
SYS1.SFOM*            Target              IBM z/OS UNIX Application Services
SYS1.CMX.SCMX*        Target              IBM z/OS UNIX Connection Scaling Connection Mgr.