STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

The IBM z/OS user account for the UNIX kernel (OMVS) must be properly defined to the security database.

DISA Rule

SV-223859r604139_rule

Vulnerability Number

V-223859

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

RACF-US-000220

Severity

CAT II

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

Define OMVS userid to the ESM as specified below:

No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
Default group specified as OMVSGRP or STCOMVS
UID(0)
HOME directory specified as “/”
Shell program specified as “/bin/sh”

Check Contents

If OMVS userid is defined to the ESM as follows, this is not a finding.

No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
Default group specified as OMVSGRP or STCOMVS
UID(0)
HOME directory specified as “/”
Shell program specified as “/bin/sh”

Vulnerability Number

V-223859

Documentable

False

Rule Version

RACF-US-000220

Severity Override Guidance

If OMVS userid is defined to the ESM as follows, this is not a finding.

No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
Default group specified as OMVSGRP or STCOMVS
UID(0)
HOME directory specified as “/”
Shell program specified as “/bin/sh”

Check Content Reference

M

Target Key

4101

Comments