Compuware Abend-AID user datasets must be properly protected.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-224292	SRG-OS-000080	ZAIDA002	SV-224292r1141335_rule	2025-09-27	7

Description
Compuware Abend-AID user datasets have the ability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to these datasets could result in violating the integrity of the base product, which could result in compromising the operating system or sensitive data.

ℹ️ Check
Refer to the following report produced by the dataset and Resource Data Collection: - SENSITVE.RPT(AIDUSER). Automated Analysis Refer to the following report produced by the dataset and Resource Data Collection: - PDI(ZAID0002). Verify that the accesses to the following Compuware Abend-AID user datasets are properly restricted. If the following guidance is true, this is not a finding. Region dump datasets Report databases Source listing files/source listing shared directories The ACF2 dataset rules for the listed datasets restrict READ access to auditors. The ACF2 dataset rules for the listed datasets restrict WRITE and/or greater access to systems programming personnel. The ACF2 dataset rules for the listed datasets restrict WRITE and/or greater access to the Compuware Abend-AID's STC(s) and/or batch user(s). The ACF2 dataset rules for the listed datasets restrict WRITE access to application development programmers and Application Production Support Team members.

ℹ️ Check

Refer to the following report produced by the dataset and Resource Data Collection: - SENSITVE.RPT(AIDUSER). Automated Analysis Refer to the following report produced by the dataset and Resource Data Collection: - PDI(ZAID0002). Verify that the accesses to the following Compuware Abend-AID user datasets are properly restricted. If the following guidance is true, this is not a finding. Region dump datasets Report databases Source listing files/source listing shared directories The ACF2 dataset rules for the listed datasets restrict READ access to auditors. The ACF2 dataset rules for the listed datasets restrict WRITE and/or greater access to systems programming personnel. The ACF2 dataset rules for the listed datasets restrict WRITE and/or greater access to the Compuware Abend-AID's STC(s) and/or batch user(s). The ACF2 dataset rules for the listed datasets restrict WRITE access to application development programmers and Application Production Support Team members.

✔️ Fix
Ensure that WRITE and/or greater access to Compuware Abend-AID user datasets is limited to systems programmers and Compuware Abend-AID STC(s) and/or batch user(s) only. Ensure that WRITE access to Compuware Abend-AID user datasets is limited to application development programmers and Application Production Support Team members. READ access can be given to auditors. (Note: The datasets and/or dataset prefixes identified below are examples of a possible installation. The actual datasets and/or prefixes are determined when the product is installed on a system through the product's installation guide and can be site specific.) Datasets to be protected will be: Region dump datasets Report databases Source listing files/source listing shared directories The following commands are provided as a sample for implementing dataset controls: $KEY(S3A) $PREFIX(SYS3) ABENDAID.SHARED-.- UID(appdaudt) R(A) W(A) ABENDAID.SHARED-.- UID(appsaudt) R(A) W(A) ABENDAID.SHARED-.- UID(AbendAID STCs) R(A) W(A) A(A) E(A) ABENDAID.SHARED-.- UID(syspaudt) R(A) W(A) A(A) E(A) ABENDAID.SHARED-.- UID(tstcaudt) R(A) W(A) A(A) E(A) ABENDAID.SHARED-.- UID(audtaudt) R(A) ABENDAID.REPORTDB-.- UID(appdaudt) R(A) W(A) ABENDAID.REPORTDB-.- UID(appsaudt) R(A) W(A) ABENDAID.REPORTDB-.- UID(AbendAID STCs) R(A) W(A) A(A) E(A) ABENDAID.REPORTED-.- UID(syspaudt) R(A) W(A) A(A) E(A) ABENDAID.REPORTED-.- UID(tstcaudt) R(A) W(A) A(A) E(A) ABENDAID.REPORTDB-.- UID(audtaudt) R(A) SET RULE COMPILE 'ACF2.MVA.DSNRULES(S3A)' STORE

✔️ Fix

Ensure that WRITE and/or greater access to Compuware Abend-AID user datasets is limited to systems programmers and Compuware Abend-AID STC(s) and/or batch user(s) only. Ensure that WRITE access to Compuware Abend-AID user datasets is limited to application development programmers and Application Production Support Team members. READ access can be given to auditors. (Note: The datasets and/or dataset prefixes identified below are examples of a possible installation. The actual datasets and/or prefixes are determined when the product is installed on a system through the product's installation guide and can be site specific.) Datasets to be protected will be: Region dump datasets Report databases Source listing files/source listing shared directories The following commands are provided as a sample for implementing dataset controls: $KEY(S3A) $PREFIX(SYS3) ABENDAID.SHARED-.- UID(appdaudt) R(A) W(A) ABENDAID.SHARED-.- UID(appsaudt) R(A) W(A) ABENDAID.SHARED-.- UID(AbendAID STCs) R(A) W(A) A(A) E(A) ABENDAID.SHARED-.- UID(syspaudt) R(A) W(A) A(A) E(A) ABENDAID.SHARED-.- UID(tstcaudt) R(A) W(A) A(A) E(A) ABENDAID.SHARED-.- UID(audtaudt) R(A) ABENDAID.REPORTDB-.- UID(appdaudt) R(A) W(A) ABENDAID.REPORTDB-.- UID(appsaudt) R(A) W(A) ABENDAID.REPORTDB-.- UID(AbendAID STCs) R(A) W(A) A(A) E(A) ABENDAID.REPORTED-.- UID(syspaudt) R(A) W(A) A(A) E(A) ABENDAID.REPORTED-.- UID(tstcaudt) R(A) W(A) A(A) E(A) ABENDAID.REPORTDB-.- UID(audtaudt) R(A) SET RULE COMPILE 'ACF2.MVA.DSNRULES(S3A)' STORE