An error occurred:

Check: RACF-OS-000040

IBM z/OS RACF STIG: RACF-OS-000040 (in versions v8 r14 through v7 r1)

Title

IBM RACF must be installed and active on the system. (Cat I impact)

Discussion

Enterprise environments make account management for operating systems challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other errors. IBM z/OS requires an external security manager to assure proper account management.

Check Content

Refer to IEASYS00 member in SYS1.PARMLIB Concatenation. Determine proper IEFSSnxx member. If RACF is defined in the SubSystem member, this is not a finding.

Fix Text

Refer to the IBM Security Server RACF System Programmer Guide and the IBM Security Server RACF Security Administrator guide to properly implement RACF on the system.

Additional Identifiers

Rule ID: SV-223760r604139_rule

Vulnerability ID: V-223760

Group Title: SRG-OS-000001-GPOS-00001

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000015

The organization employs automated mechanisms to support the information system account management functions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-2 (1)

Automated System Account Management