STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide, Version: 8, Release: 3, Benchmark Date: 23 Apr 2021

IBM z/OS default profiles must be defined in the corresponding FACILITY Class Profile for classified systems.

DISA Rule

SV-223853r604139_rule

Vulnerability Number

V-223853

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

RACF-US-000160

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the system is classified, a userid should not be defined in the application data field of the FACILITY report.

The sample commands below show the security parameters required for the default user:

AU OEDFLTU DFLTGRP(OEDFLTG) NAME('OE DEFAULT USER') NOPASS -
OMVS(UID(99999) HOME('/u/oeflt') PROGRAM('/bin/echo')) -
DATA('DEFAULT OMVSUSERID ADDED WITH SOER5')

RDEF FACILITY BPX.UNIQUE.USER APPLDATA() -
DATA('ADDED TO SUPPORT THE DEFAULT USER') UACC(NONE) OWNER(ADMIN)

SETR RACLIST(FACILITY) REFRESH

Check Contents

If the system is not classified, this is Not Applicable.

From a command input screen enter:

RLIST FACILITY (BPX.UNIQUE.USER) ALL
Examine APPLICATION DATA for userid

If the system is classified and a userid is not defined in the Application Data field in the BPX.UNIQUE.USER resource in the FACILITY report, this is not a finding.
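
The check above can be scripted against RLIST output saved to a text file. The following is an added example, not part of the STIG or of RACF: the listing layout (an APPLICATION DATA heading, a dashed underline, then the value or NONE), the userid OEMODEL, and the function names are assumptions constructed for illustration.

```python
# Constructed RLIST-style listing; the layout (heading, dashed underline,
# then the value or NONE) is an assumption, adjust to your captured output.
TEMPLATE = """\
CLASS      NAME
-----      ----
FACILITY   BPX.UNIQUE.USER

LEVEL  OWNER      UNIVERSAL ACCESS  YOUR ACCESS  WARNING
-----  --------   ----------------  -----------  -------
 00    ADMIN           NONE             NONE      NO

INSTALLATION DATA
-----------------
ADDED TO SUPPORT THE DEFAULT USER

APPLICATION DATA
----------------
{appldata}
"""


def make_listing(appldata):
    """Build a constructed listing with the given APPLICATION DATA value."""
    return TEMPLATE.format(appldata=appldata)


def application_data(listing):
    """Return the APPLICATION DATA value, "" for NONE/blank, None if absent."""
    lines = [ln.strip() for ln in listing.splitlines()]
    for i, ln in enumerate(lines):
        if ln == "APPLICATION DATA":
            # Look at the next two lines and drop the dashed underline.
            rest = [x for x in lines[i + 1:i + 3] if not (x and set(x) == {"-"})]
            value = rest[0] if rest else ""
            return "" if value.upper() == "NONE" else value
    return None


def evaluate(listing, classified):
    """Apply the check text to one captured listing."""
    if not classified:
        return "Not Applicable"
    value = application_data(listing)
    if value is None:
        return "Needs manual review"  # section not found; this example's choice
    return "Not a Finding" if value == "" else "Finding: APPLDATA=" + value


if __name__ == "__main__":
    for appl in ("NONE", "OEMODEL"):  # OEMODEL is a constructed userid
        print(appl, "->", evaluate(make_listing(appl), classified=True))
```

A listing with no APPLICATION DATA section is reported for manual review rather than passed, so a failed or truncated capture is never counted as compliant.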

Vulnerability Number

V-223853

Documentable

False

Rule Version

RACF-US-000160

Severity Override Guidance

If the system is not classified, this is Not Applicable.

From a command input screen enter:

RLIST FACILITY (BPX.UNIQUE.USER) ALL
Examine APPLICATION DATA for userid

If the system is classified and a userid is not defined in the Application Data field in the BPX.UNIQUE.USER resource in the FACILITY report, this is not a finding.

Check Content Reference

M

Target Key

4101
