Check: ZUSS0011
zOS RACF STIG:
ZUSS0011
(in versions v6 r43 through v6 r30)
Title
z/OS UNIX OMVS parameters in PARMLIB are not properly specified. (Cat II impact)
Discussion
Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to gain inappropriate privileges that could impact data integrity or the availability of some system services.
Check Content
a) Refer to the following report produced by the z /OS Data Collection: - EXAM.RPT(PARMLIB) - Refer to the IEASYSxx listing(s). Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI (ZUSS0011) NOTE: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run. b) If the parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member, there is NO FINDING. c) If the parameter is not specified as OMVS=xx or OMVS=(xx,xx,…), this is a FINDING.
Fix Text
Review the settings in PARMLIB and /etc for z/OS UNIX security parameters and ensure that the values conform to the specifications below: The parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member. NOTE: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run.
Additional Identifiers
Rule ID: SV-7245r2_rule
Vulnerability ID: V-6944
Group Title: ZUSS0011
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |