Information
ACCESSCTRL authority is the authority required to grant and revoke privileges on objects within a specific database. Some of these privileges include BINDADD, CONNECT, CREATETAB, CREATE_EXTERNAL_ROUTINE, LOAD, and QUIESCE_CONNECT. It has no inherent privilege to access data stored in tables, except the catalog tables and views.
The ACCESSCTRL authority cannot be granted to PUBLIC.
Rationale:
The ACCESSCTRL authority gives the grantee access control over a specified database. With this authority, the grantee can grant privileges to, and revoke privileges from, other users. ACCESSCTRL can be granted to users, groups, or roles, but not to PUBLIC. ACCESSCTRL authority can only be granted by a holder of SECADM authority.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Revoke ACCESSCTRL authority from any unauthorized users.
db2 => REVOKE ACCESSCTRL ON DATABASE FROM USER <username>
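To decide which grantees to revoke, list the current holders of ACCESSCTRL first. The query below is an added example, not part of the benchmark text; it reads the DB2 catalog views SYSCAT.DBAUTH and SYSCAT.ROLEAUTH, and it expands only one level of role membership (nested roles and operating-system group membership are assumed to be reviewed separately).

```sql
-- Added example: audit who holds ACCESSCTRL on the connected database.
-- Run after CONNECT TO <database>; reading the catalog views is sufficient.

-- Part 1: users (U), groups (G) and roles (R) granted ACCESSCTRL directly.
SELECT d.GRANTEE,
       d.GRANTEETYPE,
       d.GRANTOR,
       'direct' AS VIA
FROM   SYSCAT.DBAUTH d
WHERE  d.ACCESSCTRLAUTH = 'Y'

UNION ALL

-- Part 2: members of any role that was granted ACCESSCTRL.
-- These users and groups do not appear in Part 1 but hold the
-- authority through the role (one level of membership only).
SELECT r.GRANTEE,
       r.GRANTEETYPE,
       r.GRANTOR,
       'role ' || r.ROLENAME AS VIA
FROM   SYSCAT.ROLEAUTH r
JOIN   SYSCAT.DBAUTH d
       ON  d.GRANTEE     = r.ROLENAME
       AND d.GRANTEETYPE = 'R'
WHERE  d.ACCESSCTRLAUTH = 'Y'

ORDER BY 1, 2;
```

A grantee reported with VIA = 'direct' is removed with the REVOKE statement above; one reported through a role is removed by revoking the role from that grantee or ACCESSCTRL from the role.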