Navigate

IBM z/OS RACF STIG

IBM z/OS RACF Security Technical Implementation Guide

ID	Vuln ID	Title	Cat
RACF-ES-000420	V-223690	IBM RACF must limit WRITE or greater access to the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) to system programmers only.	Cat II
RACF-ES-000430	V-223691	The IBM z/OS IEASYMUP resource must be protected in accordance with proper security requirements.	Cat II
RACF-ES-000440	V-223692	The IBM RACF JES(BATCHALLRACF) SETROPTS value must be set to JES(BATCHALLRACF).	Cat II
RACF-ES-000460	V-223693	The IBM z/OS JES(XBMALLRACF) SETROPTS value must be set to JES(XBMALLRACF).	Cat II
RACF-ES-000470	V-223694	IBM RACF OPERAUDIT SETROPTS value must set to OPERAUDIT.	Cat II
RACF-ES-000480	V-223695	The IBM RACF PASSWORD(REVOKE) SETROPTS value must be specified to revoke the userid after three invalid logon attempts.	Cat II
RACF-ES-000500	V-223697	IBM z/OS SYS1.PARMLIB must be properly protected.	Cat I
RACF-ES-000520	V-223699	The IBM RACF SETROPTS SAUDIT value must be specified.	Cat II
RACF-ES-000530	V-223700	The IBM RACF REALDSN SETROPTS value must be specified.	Cat II
RACF-ES-000540	V-223701	IBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing.	Cat II
RACF-ES-000550	V-223702	IBM RACF SETROPTS RVARYPW values must be properly set.	Cat II
RACF-ES-000560	V-223703	IBM RACF must define WARN = NO on all profiles.	Cat I
RACF-ES-000570	V-223704	The IBM RACF PROTECTALL SETROPTS value specified must be properly set.	Cat I
RACF-ES-000580	V-223705	The IBM RACF GRPLIST SETROPTS value must be set to ACTIVE.	Cat II
RACF-ES-000590	V-223706	The IBM RACF RETPD SETROPTS value specified must be properly set.	Cat II

Print

Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.