The z/OS Default profiles must not be defined in TSS OMVS UNIX security parameters for classified systems.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7000	ZUSST050	SV-7303r4_rule		Medium

Description
TSS UNIQUSER control option will automatically assign a UID to any user who logs on to OMVS without an OMVS segment. Parameter settings in the TSS impact the security level of z/OS UNIX. In classified systems user access will not be determined by default.

STIG	Date
z/OS TSS STIG	2019-12-12

Details

Check Text ( C-3701r3_chk )
If the system in not classified this is not applicable. From a command line issue the following command: Note: One must have appropriate access to perform this command (have the site security officer to issue command). TSS MODIFY STATUS Examine the following options: UNIQUSER Alternately: Refer to the following report produced by the TSS Data Collection: - TSSCMDS.RPT(STATUS) - System Classification Automated Analysis requires Additional Analysis. Refer to the following report produced by the TSS Data Collection: - PDI(ZUSST050) If system is classified and UNIQUSER is off i.e., (UNIQUSER(OFF) there is no finding.

Check Text ( C-3701r3_chk )

If the system in not classified this is not applicable.

From a command line issue the following command:
Note: One must have appropriate access to perform this command (have the site security officer to issue command).

TSS MODIFY STATUS

Examine the following options:
UNIQUSER

Alternately:
Refer to the following report produced by the TSS Data Collection:

- TSSCMDS.RPT(STATUS)
- System Classification

Automated Analysis requires Additional Analysis.
Refer to the following report produced by the TSS Data Collection:

- PDI(ZUSST050)

If system is classified and UNIQUSER is off i.e., (UNIQUSER(OFF) there is no finding.

Fix Text (F-81943r1_fix)
Ensure that Use of the OMVS default UIDs will not be allowed on any classified system. Set Control Option UNIQUSER off.