An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2026
Xylok, LLC
Version: releases-v2026.03.1 - rmfrev5
Xylok
Home Menu
info@xylok.io
© 2026
Xylok, LLC
Version: releases-v2026.03.1 - rmfrev5
Open sidebar
Navigate
Top
Search
Checks (
224
)
Print
Changes
Pages (
9/15
)
IBM z/OS RACF STIG
IBM z/OS RACF Security Technical Implementation Guide
v9 r7 (Released Jan. 5, 2026)
v9 r6 (Released Oct. 1, 2025)
v9 r5 (Released July 2, 2025)
v9 r4 (Released April 2, 2025)
v9 r3 (Released Jan. 30, 2025)
v9 r2 (Released Oct. 24, 2024)
v9 r1 (Released July 24, 2024)
v8 r14 (Released April 24, 2024)
v8 r13 (Released Jan. 24, 2024)
v8 r12 (Released July 26, 2023)
v8 r11 (Released April 27, 2023)
v8 r10 (Released Jan. 26, 2023)
v8 r9 (Released Nov. 23, 2022)
v8 r8 (Released Oct. 26, 2022)
v8 r7 (Released April 27, 2022)
v8 r6 (Released Jan. 27, 2022)
v8 r5 (Released Oct. 27, 2021)
v8 r4 (Released July 23, 2021)
v8 r3 (Released April 23, 2021)
v8 r2 (Released Jan. 22, 2021)
v8 r1 (Released Oct. 23, 2020)
v7 r3 (Released July 24, 2020)
v7 r2 (Released April 24, 2020)
v7 r1 (Released Nov. 18, 2019)
v7 r0.1 (Released April 5, 2019)
ID
Vuln ID
Title
Cat
Status
RACF-OS-000040
V-223760
IBM RACF must be installed and active on the system.
Cat I
RACF-OS-000050
V-223761
The IBM z/OS system administrator (SA) must develop a process to disable emergency accounts after the crisis is resolved or 72 hours.
Cat II
RACF-OS-000060
V-223762
The IBM z/OS system administrator (SA) must develop a process to notify appropriate personnel when accounts are created.
Cat II
RACF-OS-000070
V-223763
The IBM z/OS system administrator (SA) must develop a process to notify appropriate personnel when accounts are modified.
Cat II
RACF-OS-000080
V-223764
The IBM z/OS system administrator (SA) must develop a process to notify appropriate personnel when accounts are deleted.
Cat II
RACF-OS-000090
V-223765
The IBM z/OS system administrator (SA) must develop a process to notify appropriate personnel when accounts are removed.
Cat II
RACF-OS-000100
V-223766
The IBM z/OS system administrator (SA) must develop a process to notify information system security officers (ISSOs) of account enabling actions.
Cat II
RACF-OS-000110
V-223767
IBM z/OS required SMF data record types must be collected.
Cat II
RACF-OS-000120
V-223768
IBM z/OS must employ a session manager to manage display of the Standard Mandatory DoD Notice and Consent Banner.
Cat II
RACF-OS-000130
V-223769
IBM z/OS must specify SMF data options to assure appropriate activation.
Cat II
RACF-OS-000140
V-223770
IBM z/OS SMF collection files (system MANx datasets or LOGSTREAM DASD) must have storage capacity to store at least one weeks worth of audit data.
Cat II
RACF-OS-000150
V-223771
IBM z/OS system administrators must develop an automated process to collect and retain SMF data.
Cat II
RACF-OS-000160
V-223772
IBM z/OS BUFUSEWARN in the SMFPRMxx must be properly set.
Cat II
RACF-OS-000170
V-223773
IBM z/OS NOBUFFS in SMFPRMxx must be properly set (default is MSG).
Cat II
RACF-OS-000180
V-223774
The IBM z/OS system must use a time protocol that syncs with an authoritative external time source.
Cat II
Prev
1...
5
6
7
8
9
10
11
12
13
...15
Next
Print
Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Version Changes
If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.