IBM z/OS UNIX OMVS parameters in PARMLIB must be properly specified.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223629 | ACF2-US-000140 | SV-223629r991589_rule | CCI-000366 | medium |
| Description | ||||
| Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. | ||||
| STIG | Date | |||
| IBM z/OS ACF2 Security Technical Implementation Guide | 2025-06-24 | |||
Details
Check Text (C-223629r991589_chk)
Refer to the IEASYS00 member of SYS1.PARMLIB.
If the parameter is specified as OMVS=xx or OMVS=(xx,xx,...) in the IEASYSxx member, this is not a finding.
If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM's Communication Server TCP/IP will not run.
Fix Text (F-25290r858906_fix)
Configure the settings in PARMLIB and /etc for z/OS UNIX security parameters with values that conform to the specifications below:
The parameter is specified as OMVS=xx or OMVS=(xx,xx,...) in the IEASYSxx member.
Note: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM's Communication Server TCP/IP will not run.