UCF STIG Viewer Logo

IBM z/OS Default profiles must not be defined in TSS OMVS UNIX security parameters for classified systems.


Overview

Finding ID Version Rule ID IA Controls Severity
V-98887 TSS0-US-000170 SV-107991r1_rule Medium
Description
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.
STIG Date
IBM z/OS TSS Security Technical Implementation Guide 2020-06-29

Details

Check Text ( C-97723r1_chk )
If the system in not classified this is not applicable.

From a command line issue the following command:
TSS MODIFY STATUS
Note: One must have appropriate access to perform this command (have the site security officer to issue command).

If system is classified and UNIQUSER is off i.e., (UNIQUSER(OFF) this is not a finding.
Fix Text (F-104563r2_fix)
Ensure that Use of the OMVS default UIDs will not be allowed on any classified system.

Set Control Option UNIQUSER off.