An error occurred:

Check: RACF-UT-000050

IBM z/OS RACF STIG: RACF-UT-000050 (in versions v8 r14 through v7 r1)

Title

The IBM z/OS UNIX Telnet server warning banner must be properly specified. (Cat II impact)

Discussion

Display of a standardized and approved use notification before granting access to the publicly accessible operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Check Content

From the ISPF Command Shell enter: ISHELL Enter /etc/ for a pathname - you may need to issue a CD /etc/ select FILE NAME inetd.conf If Option -h is included on the otelnetd command, this is a finding.

Fix Text

Configure the startup parameters in the inetd.conf file for otelnetd to exclude option -h. Note: -h indicates that the logon banner should not be displayed.

Additional Identifiers

Rule ID: SV-223868r604139_rule

Vulnerability ID: V-223868

Group Title: SRG-OS-000228-GPOS-00088

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001384

The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access.
CCI-001385

The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities.
CCI-001386

The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities.
CCI-001387

The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.
CCI-001388

The information system, for publicly accessible systems, includes a description of the authorized uses of the system.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-8

System Use Notification