Resource Class ROSRES is not defined or active in the Access Control Program (ACP).
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-225604 | SRG-OS-000309 | ZROST038 | SV-225604r1146143_rule | 2025-09-28 | 7 |
Description
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
ℹ️ Check
Refer to the following report produced by the ACP Data Collection:
- TSSCMDS.RPT(#RDT).
If the ROSCOE Resource Class(es) is (are) defined in the Resource Definition Table (RDT) as follows, this is not a finding.
RESOURCE CLASS = ROSRES
RESOURCE CODE = X'hex code'
ATTRIBUTE = MASK|NOMASK,MAXOWN(08),MAXPERMIT(044),ACCESS,DEFPROT
ACCESS = NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000)
ACCESS = WRITE(2000),ALL(FFFF)
DEFACC = READ
✔️ Fix
The ISSO will ensure the Product resource class(es) is (are) defined in the TSS RDT. The ISSO will issue one of the following commands to define the Product resource class(es):
TSS REPLACE(RDT) RESCLASS(ROSRES) -
MAXLEN(044) -
ATTR(MASK|NOMASK,DEFPROT) -
ACLST(NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000),WRITE(2000),ALL(FFFF)) -
DEFACC(READ)
TSS ADDTO(RDT) RESCLASS(ROSRES) -
RESCODE(hex-code) -
ATTR(MASK|NOMASK,DEFPROT) -
ACLST(NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000),WRITE(2000),ALL(FFFF)) -
DEFACC(READ)