Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
IBM z/OS UNIX groups must be defined with a unique GID.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-223857 | RACF-US-000200 | SV-223857r868907_rule | Medium |
| Description |
|---|
| To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. RACF userid groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised. |
| STIG | Date |
|---|---|
| IBM z/OS RACF Security Technical Implementation Guide | 2023-06-13 |
Details
| Check Text ( C-25530r868905_chk ) |
|---|
| From ISPF Command Shell enter: Listgrp * OMVS If each group is defined with a unique GID, this is not a finding. Note: A site can choose to have both an OMVSGRP group and an STCOMVS group or combine the groups under one of these names. If OMVSGRP and/or STCOMVS groups are defined and have a unique GID in the range of 1-99, this is not a finding. |
| Fix Text (F-25518r868906_fix) |
|---|
| Define each UNIX group with a unique GID. Define the OMVSGRP group and/or the STCOMVS group to the security database with a unique GID in the range of 1-99. OMVSGRP is the name suggested by IBM for all the required userids. STCOMVS is the standard name used at some sites for the userids that are associated with z/OS UNIX started tasks and daemons. These groups can be combined at the site's discretion. |