Check: TSS0-US-000150
IBM z/OS TSS STIG:
TSS0-US-000150
(in versions v9 r2 through v7 r1)
Title
IBM z/OS UNIX security parameters in etc/profile must be properly specified. (Cat II impact)
Discussion
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.
Check Content
From the ISPF Command Shell enter: ISHELL /etc/profile If the final or only instance of the UMASK command in /etc/profile is specified as "umask 077", this is not a finding. If the LOGNAME variable is marked read-only (i.e., "readonly LOGNAME") in /etc/profile, this is not a finding.
Fix Text
Configure the etc/profile to specify the UMASK command is executed with a value of 077 and the LOGNAME variable is marked read-only for the /etc/profile file, exceptions are documented with the ISSO.
Additional Identifiers
Rule ID: SV-224088r958472_rule
Vulnerability ID: V-224088
Group Title: SRG-OS-000080-GPOS-00048
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000213 |
Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
Controls
Number | Title |
---|---|
AC-3 |
Access Enforcement |