UCF STIG Viewer Logo

The user account for the z/OS UNIX kernel (OMVS) is not properly defined to the security database.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6987 ZUSS0043 SV-7290r2_rule DCCS-1 DCCS-2 Medium
Description
User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.
STIG Date
z/OS ACF2 STIG 2019-12-12

Details

Check Text ( C-3932r1_chk )

a) Refer to the following reports produced by the ACP Data Collection:

ACF2
- ACF2CMDS.RPT(OMVSUSER)
- ACF2CMDS.RPT(LOGONIDS)
RACF
- RACFCMDS.RPT(LISTUSER)
TSS
- TSSCMDS.RPT(@ACIDS)

b) If OMVS is defined as follows, there is NO FINDING:

1) No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
2) Default group specified as OMVSGRP or STCOMVS
3) UID(0)
4) HOME directory specified as “/”
5) Shell program specified as “/bin/sh”

c) If OMVS is not defined as specified in (b) above, this is a FINDING
Fix Text (F-18962r1_fix)
The systems programmer will verify that OMVS is defined as specified below:

1) No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
2) Default group specified as OMVSGRP or STCOMVS
3) UID(0)
4) HOME directory specified as “/”
5) Shell program specified as “/bin/sh”