The IBM z/OS user account for the UNIX kernel (OMVS) must be properly defined to the security database.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-98425 | RACF-US-000220 | SV-107529r1_rule | Medium |
| Description |
|---|
| To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. |
| STIG | Date |
|---|---|
| IBM z/OS RACF Security Technical Implementation Guide | 2020-06-29 |
Details
| Check Text ( C-97261r1_chk ) |
|---|
| If OMVS userid is defined to the ESM as follows, this is not a finding. No access to interactive on-line facilities (e.g., TSO, CICS, etc.) Default group specified as OMVSGRP or STCOMVS UID(0) HOME directory specified as “/” Shell program specified as “/bin/sh” |
| Fix Text (F-104101r1_fix) |
|---|
| Define OMVS userid to the ESM as specified below: No access to interactive on-line facilities (e.g., TSO, CICS, etc.) Default group specified as OMVSGRP or STCOMVS UID(0) HOME directory specified as “/” Shell program specified as “/bin/sh” |