An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2026
Xylok, LLC
Version: releases-v2026.03.1 - rmfrev5
Xylok
Home Menu
info@xylok.io
© 2026
Xylok, LLC
Version: releases-v2026.03.1 - rmfrev5
Open sidebar
Navigate
Top
Search
Checks (
224
)
Print
Changes
Pages (
2/15
)
IBM z/OS RACF STIG
IBM z/OS RACF Security Technical Implementation Guide
v9 r7 (Released Jan. 5, 2026)
v9 r6 (Released Oct. 1, 2025)
v9 r5 (Released July 2, 2025)
v9 r4 (Released April 2, 2025)
v9 r3 (Released Jan. 30, 2025)
v9 r2 (Released Oct. 24, 2024)
v9 r1 (Released July 24, 2024)
v8 r14 (Released April 24, 2024)
v8 r13 (Released Jan. 24, 2024)
v8 r12 (Released July 26, 2023)
v8 r11 (Released April 27, 2023)
v8 r10 (Released Jan. 26, 2023)
v8 r9 (Released Nov. 23, 2022)
v8 r8 (Released Oct. 26, 2022)
v8 r7 (Released April 27, 2022)
v8 r6 (Released Jan. 27, 2022)
v8 r5 (Released Oct. 27, 2021)
v8 r4 (Released July 23, 2021)
v8 r3 (Released April 23, 2021)
v8 r2 (Released Jan. 22, 2021)
v8 r1 (Released Oct. 23, 2020)
v7 r3 (Released July 24, 2020)
v7 r2 (Released April 24, 2020)
v7 r1 (Released Nov. 18, 2019)
v7 r0.1 (Released April 5, 2019)
ID
Vuln ID
Title
Cat
Status
RACF-ES-000130
V-223661
IBM RACF started tasks defined with the trusted attribute must be justified.
Cat II
RACF-ES-000140
V-223662
IBM RACF USERIDs possessing the Tape Bypass Label Processing (BLP) privilege must be justified.
Cat II
RACF-ES-000150
V-223663
IBM RACF DASD volume-level protection must be properly defined.
Cat II
RACF-ES-000160
V-223664
IBM Sensitive Utility Controls must be properly defined and protected.
Cat II
RACF-ES-000170
V-223665
IBM RACF Global Access Checking must be restricted to appropriate classes and resources.
Cat II
RACF-ES-000180
V-223666
IBM RACF access to the System Master Catalog must be properly protected.
Cat I
RACF-ES-000190
V-223667
IBM RACF must limit Write or greater access to SYS1.UADS to system programmers only, and WRITE or greater access must be limited to system programmer personnel and/or security personnel.
Cat I
RACF-ES-000200
V-223668
IBM z/OS must protect dynamic lists in accordance with proper security requirements.
Cat I
RACF-ES-000210
V-223669
IBM RACF allocate access to system user catalogs must be properly protected.
Cat II
RACF-ES-000220
V-223670
IBM RACF must limit WRITE or greater access to System backup files to system programmers and/or batch jobs that perform DASD backups.
Cat II
RACF-ES-000230
V-223671
IBM RACF must limit access to SYS(x).TRACE to system programmers only.
Cat II
RACF-ES-000240
V-223672
IBM RACF batch jobs must be properly secured.
Cat II
RACF-ES-000250
V-223673
IBM RACF batch jobs must be protected with propagation control.
Cat II
RACF-ES-000260
V-223674
IBM RACF must limit Write or greater access to SYS1.IMAGELIB to system programmers only.
Cat I
RACF-ES-000270
V-223675
IBM RACF must limit Write or greater access to SYS1.SVCLIB to appropriate authorized users.
Cat I
Prev
1
2
3
4
5
6
...15
Next
Print
Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Version Changes
If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.