Title

IBM z/OS UNIX OMVS parameters in PARMLIB must be properly specified. (Cat II impact)

Discussion

Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.

Check Content

Refer to the IEASYS00 member of SYS1.PARMLIB. If the parameter is specified as OMVS=xx or OMVS=(xx,xx,...) in the IEASYSxx member, this is not a finding. If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM's Communication Server TCP/IP will not run.

Fix Text

Configure the settings in PARMLIB and /etc for z/OS UNIX security parameters with values that conform to the specifications below: The parameter is specified as OMVS=xx or OMVS=(xx,xx,...) in the IEASYSxx member. Note: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM's Communication Server TCP/IP will not run.

Additional Identifiers

Rule ID: SV-223629r861190_rule

Vulnerability ID: V-223629

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.