STIGQter STIGQter: STIG Summary: z/OS RACF STIG Version: 6 Release: 43 Benchmark Date: 24 Jan 2020: z/OS UNIX OMVS parameters in PARMLIB are not properly specified.

DISA Rule

SV-7245r2_rule

Vulnerability Number

V-6944

Group Title

ZUSS0011

Rule Version

ZUSS0011

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Review the settings in PARMLIB and /etc for z/OS UNIX security parameters and ensure that the values conform to the specifications below:

The parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member.

NOTE: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run.

Check Contents

a) Refer to the following report produced by the z /OS Data Collection:

- EXAM.RPT(PARMLIB) - Refer to the IEASYSxx listing(s).

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI (ZUSS0011)

NOTE: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run.

b) If the parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member, there is NO FINDING.

c) If the parameter is not specified as OMVS=xx or OMVS=(xx,xx,…), this is a FINDING.

Vulnerability Number

V-6944

Documentable

False

Rule Version

ZUSS0011

Severity Override Guidance

a) Refer to the following report produced by the z /OS Data Collection:

- EXAM.RPT(PARMLIB) - Refer to the IEASYSxx listing(s).

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI (ZUSS0011)

NOTE: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run.

b) If the parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member, there is NO FINDING.

c) If the parameter is not specified as OMVS=xx or OMVS=(xx,xx,…), this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

106

Comments