Navigate

Check: ZUSSA053

zOS ACF2 STIG: ZUSSA053 (in versions v6 r43 through v6 r30)

Title

The GSO UNIXOPTS record must specify CHOWNRES. (Cat II impact)

Discussion

Parameter settings in the ACP impact the security level of z/OS UNIX.

Check Content

For CA-ACF2 Release 15 and above this is not applicable. Refer to the following report produced by the ACF2 Data Collection. - ACF2CMDS.RPT(ACFGSO) Automated Analysis Refer to the following report produced by the ACF2 Data Collection: - PDI(ZUSSA053) If the UNIXOPTS record does not specify CHOWNRES this is a finding.

Fix Text

The IAO must set the GSO UINIXOPTS record to specify CHOWNRES. Example: SET C(GSO) LIST UNIXOPTS CHOWNRES DFTGROUP(OMVSDGRP) DFTUSER(OMVSUSER) NODIRACC NODIRSRCH NOFSOBJ NOFSSEC NOGOSETGID NOHFSACL NOHFSSEC NOIPCOBJ NGROUPS(300) NOPROCACT NOPROCESS

Additional Identifiers

Rule ID: SV-7297r3_rule

Vulnerability ID: V-6994

Group Title: ZUSSA053

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.
CCI-001499	The organization limits privileges to change software resident within software libraries.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-5 (6)	Limit Library Privileges
CM-6	Configuration Settings