Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-223859 | RACF-US-000220 | SV-223859r868910_rule | Medium |
Description |
---|
To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. |
STIG | Date |
---|---|
IBM z/OS RACF Security Technical Implementation Guide | 2023-06-13 |
Check Text ( C-25532r868908_chk ) |
---|
If OMVS userid is defined to the ESM as follows, this is not a finding. No access to interactive on-line facilities (e.g., TSO, CICS, etc.) Default group specified as OMVSGRP or STCOMVS UID(0) HOME directory specified as "/" Shell program specified as "/bin/sh" |
Fix Text (F-25520r868909_fix) |
---|
Define OMVS userid to the ESM as specified below: No access to interactive on-line facilities (e.g., TSO, CICS, etc.) Default group specified as OMVSGRP or STCOMVS UID(0) HOME directory specified as "/" Shell program specified as "/bin/sh" |