Check: RACF-OS-000210
IBM z/OS RACF STIG:
RACF-OS-000210
(in versions v8 r14 through v7 r1)
Title
IBM RACF must define UACC of NONE on all profiles. (Cat I impact)
Discussion
The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
Check Content
Review all Dataset and resource profiles in the RACF database. If any are not defined with UACC NONE, this is a finding.
Fix Text
Define each dataset and resource profile with UACC(NONE)
Additional Identifiers
Rule ID: SV-223777r853619_rule
Vulnerability ID: V-223777
Group Title: SRG-OS-000370-GPOS-00155
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-001774 |
The organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-7 (5) |
Authorized Software / Whitelisting |