An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2026
Xylok, LLC
Version: releases-v2026.03.1 - rmfrev5
Xylok
Home Menu
info@xylok.io
© 2026
Xylok, LLC
Version: releases-v2026.03.1 - rmfrev5
Open sidebar
Navigate
Top
Search
Checks (
224
)
Print
Changes
Pages (
1/15
)
IBM z/OS RACF STIG
IBM z/OS RACF Security Technical Implementation Guide
v9 r7 (Released Jan. 5, 2026)
v9 r6 (Released Oct. 1, 2025)
v9 r5 (Released July 2, 2025)
v9 r4 (Released April 2, 2025)
v9 r3 (Released Jan. 30, 2025)
v9 r2 (Released Oct. 24, 2024)
v9 r1 (Released July 24, 2024)
v8 r14 (Released April 24, 2024)
v8 r13 (Released Jan. 24, 2024)
v8 r12 (Released July 26, 2023)
v8 r11 (Released April 27, 2023)
v8 r10 (Released Jan. 26, 2023)
v8 r9 (Released Nov. 23, 2022)
v8 r8 (Released Oct. 26, 2022)
v8 r7 (Released April 27, 2022)
v8 r6 (Released Jan. 27, 2022)
v8 r5 (Released Oct. 27, 2021)
v8 r4 (Released July 23, 2021)
v8 r3 (Released April 23, 2021)
v8 r2 (Released Jan. 22, 2021)
v8 r1 (Released Oct. 23, 2020)
v7 r3 (Released July 24, 2020)
v7 r2 (Released April 24, 2020)
v7 r1 (Released Nov. 18, 2019)
v7 r0.1 (Released April 5, 2019)
ID
Vuln ID
Title
Cat
Status
RACF-CE-000010
V-223646
Certificate Name Filtering must be implemented with appropriate authorization and documentation.
Cat II
RACF-CE-000020
V-223647
Expired digital certificates must not be used.
Cat II
RACF-CE-000030
V-223648
All digital certificates in use must have a valid path to a trusted certification authority (CA).
Cat II
RACF-ES-000010
V-223649
IBM RACF must limit Write or greater access to SYS1.NUCLEUS to system programmers only.
Cat I
RACF-ES-000020
V-223650
IBM RACF must limit Write or greater access to libraries that contain PPT modules to system programmers only.
Cat III
RACF-ES-000030
V-235033
IBM RACF must limit WRITE or greater access to LINKLIST libraries to system programmers only.
Cat II
RACF-ES-000040
V-223652
IBM RACF emergency USERIDs must be properly defined.
Cat II
RACF-ES-000050
V-223653
IBM RACF SETROPTS LOGOPTIONS must be properly configured.
Cat II
RACF-ES-000060
V-223654
IBM RACF must protect memory and privileged program dumps in accordance with proper security requirements.
Cat II
RACF-ES-000070
V-223655
IBM z/OS system commands must be properly protected.
Cat II
RACF-ES-000080
V-223656
IBM RACF must properly define users that have access to the CONSOLE resource in the TSOAUTH resource class.
Cat II
RACF-ES-000090
V-223657
The IBM RACF FACILITY resource class must be active.
Cat II
RACF-ES-000100
V-223658
The IBM RACF OPERCMDS resource class must be active.
Cat II
RACF-ES-000110
V-223659
The IBM RACF MCS consoles resource class must be active.
Cat II
RACF-ES-000120
V-223660
IBM RACF CLASSACT SETROPTS must be specified for the TEMPDSN class.
Cat II
1
2
3
4
5
...15
Next
Print
Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Version Changes
If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.