UCF STIG Viewer Logo

z/OS UNIX OMVS parameters in PARMLIB are not properly specified.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6944 ZUSS0011 SV-7245r2_rule DCCS-1 DCCS-2 Medium
Description
Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to gain inappropriate privileges that could impact data integrity or the availability of some system services.
STIG Date
z/OS ACF2 STIG 2019-12-12

Details

Check Text ( C-20975r1_chk )
a) Refer to the following report produced by the z /OS Data Collection:

- EXAM.RPT(PARMLIB) - Refer to the IEASYSxx listing(s).

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI (ZUSS0011)

NOTE: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run.

b) If the parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member, there is NO FINDING.

c) If the parameter is not specified as OMVS=xx or OMVS=(xx,xx,…), this is a FINDING.
Fix Text (F-18942r1_fix)
Review the settings in PARMLIB and /etc for z/OS UNIX security parameters and ensure that the values conform to the specifications below:

The parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member.

NOTE: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run.