Navigate

Check: ZUSS0042

zOS ACF2 STIG: ZUSS0042 (in versions v6 r43 through v6 r30)

Title

z/OS UNIX each group is not defined with a unique GID. (Cat II impact)

Discussion

User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.

Check Content

Refer to the following report produced by the ACP Data Collection: ACF2 - ACF2CMDS.RPT(OMVSGRP) RACF - RACFCMDS.RPT(LISTGRP) Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZUSS0042) For ACF2 and RACF ensure that each GID is unique to a specific group. For TSS this is Not Applicable.

Fix Text

The systems programmer will verify that each group has a unique GID number,

Additional Identifiers

Rule ID: SV-7289r2_rule

Vulnerability ID: V-6986

Group Title: ZUSS0042

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000764	The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-2	Identification And Authentication (Organizational Users)