IBM z/OS UNIX OMVS parameters in PARMLIB must be properly specified.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-97963	ACF2-US-000140	SV-107067r1_rule		Medium

Description
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.

STIG	Date
IBM z/OS ACF2 Security Technical Implementation Guide	2020-06-29

Details

Check Text ( C-96799r1_chk )
Refer to the IEASYS00 member of SYS1.PARMLIB. If the parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member, this is not a finding. If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run.

Fix Text (F-103639r1_fix)
Configure the settings in PARMLIB and /etc for z/OS UNIX security parameters with values that conform to the specifications below: The parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member. Note: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run.

Fix Text (F-103639r1_fix)

Configure the settings in PARMLIB and /etc for z/OS UNIX security parameters with values that conform to the specifications below:

The parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member.

Note: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run.