Check: ACF2-US-000140
IBM z/OS ACF2 STIG:
ACF2-US-000140
(in versions v9 r2 through v8 r8)
Title
IBM z/OS UNIX OMVS parameters in PARMLIB must be properly specified. (Cat II impact)
Discussion
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.
Check Content
Refer to the IEASYS00 member of SYS1.PARMLIB. If the parameter is specified as OMVS=xx or OMVS=(xx,xx,...) in the IEASYSxx member, this is not a finding. If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM's Communication Server TCP/IP will not run.
Fix Text
Configure the settings in PARMLIB and /etc for z/OS UNIX security parameters with values that conform to the specifications below: The parameter is specified as OMVS=xx or OMVS=(xx,xx,...) in the IEASYSxx member. Note: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM's Communication Server TCP/IP will not run.
Additional Identifiers
Rule ID: SV-223629r991589_rule
Vulnerability ID: V-223629
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |