UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Attributes of z/OS UNIX user accounts used for account modeling must be defined in accordance with security requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-7050 ZUSS0048 SV-7941r3_rule Medium
Description
Top Secret ACIDs that use z/OS UNIX facilities must be properly defined. If these attributes are not correctly defined, data access or command privilege controls could be compromised.
STIG Date
z/OS TSS STIG 2016-12-21

Details

Check Text ( C-5462r2_chk )
Refer to the following report produced by the TSS Data Collection:

- TSSCMDS.RPT(STATUS)
- TSSCMDS.RPT(OMVSUSER)

NOTE: This check applies to any user identifier (ACID) used to model OMVS access on the mainframe. This includes OMVSUSR; MODLUSER and BPX.UNIQUE.USER. If MODLUSER is specified then UNIQUSER must be specified.


If user identifier (ACID) used to model OMVS user account is defined as follows, there is NO FINDING:

A unique UID number (except for UID(0) users)
A non-writable HOME directory
Shell program specified as “/bin/echo”, or “/bin/false”

NOTE: The shell program must have one of the specified values. The HOME directory must have a value (i.e., not be allowed to default).
Fix Text (F-75871r1_fix)
Use of the OMVS default UID will not be allowed on any classified system.

Define the user identifier (ACID) used to model OMVS user account with a non-0 UID, a non-writable home directory, such as "\" root, and a non-executable, but existing, binary file, "/bin/false" or “/bin/echo.”