Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6989 | ZUSS0045 | SV-7292r2_rule | DCCS-1 DCCS-2 | Medium |
Description |
---|
User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised. |
STIG | Date |
---|---|
z/OS ACF2 STIG | 2015-03-27 |
Check Text ( C-3904r1_chk ) |
---|
a) Refer to the following reports produced by the ACP Data Collection: for ACF2, ACF2CMDS.RPT(OMVSUSER) and ACF2CMDS.RPT(LOGONIDS); for RACF, RACFCMDS.RPT(LISTUSER); for TSS, TSSCMDS.RPT(@ACIDS). b) If RMFGAT is defined as follows, there is NO FINDING: 1) Default group specified as OMVSGRP or STCOMVS; 2) A unique, non-zero UID; 3) HOME directory specified as “/”; 4) Shell program specified as “/bin/sh”. c) If RMFGAT is not defined as specified in (b) above, this is a FINDING. |
Fix Text (F-18964r1_fix) |
---|
The systems programmer will verify that the RMFGAT user account is defined as specified below: 1) Default group specified as OMVSGRP or STCOMVS; 2) A unique, non-zero UID; 3) HOME directory specified as “/”; 4) Shell program specified as “/bin/sh”. RMFGAT is the userid for the Resource Measurement Facility (RMF) Monitor III Gatherer. It requires access to z/OS UNIX data. It must be assigned a unique UID and group and assigned the root directory (“/”) as its home directory. |