Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6989 | ZUSS0045 | SV-87477r1_rule | Medium |
Description |
---|
User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised. |
STIG | Date |
---|---|
z/OS TSS STIG | 2017-06-26 |
Check Text ( C-72957r2_chk ) |
---|
RMFGAT is the userid for the Resource Measurement Facility (RMF) Monitor III Gatherer. If RMFGAT is not define this is not applicable. From a command input screen enter: TSS LIST (RMFGAT) DATA ALL Alternately: Refer to the following reports produced by the ACP Data Collection: - TSSCMDS.RPT(@ACIDS) If RMFGAT is defined as follows, this is not a finding - Default group specified as OMVSGRP or STCOMVS - A unique, non-zero UID - HOME directory specified as “/” - Shell program specified as “/bin/sh” |
Fix Text (F-79263r2_fix) |
---|
Define RMFGAT user account is defined as specified below: Default group specified as OMVSGRP or STCOMVS A unique, non-zero UID HOME directory specified as “/” Shell program specified as “/bin/sh” |