Title

IBM z/OS Default profiles must not be defined in TSS OMVS UNIX security parameters for classified systems. (Cat II impact)

Discussion

Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.

Check Content

If the system in not classified this is not applicable. From a command line issue the following command: TSS MODIFY STATUS Note: One must have appropriate access to perform this command (have the site security officer to issue command). If system is classified and UNIQUSER is off i.e., (UNIQUSER(OFF) this is not a finding.

Fix Text

Ensure that Use of the OMVS default UIDs will not be allowed on any classified system. Set Control Option UNIQUSER off.

Additional Identifiers

Rule ID: SV-224090r877928_rule

Vulnerability ID: V-224090

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.