STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

IBM z/OS user account for the z/OS UNIX SUPERSUSER userid must be properly defined.

DISA Rule

SV-223634r533198_rule

Vulnerability Number

V-223634

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

ACF2-US-000190

Severity

CAT II

CCI(s)

CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

Fix Recommendation

Define the user ID identified in the BPXPRM00 SUPERUSER parameter as specified below:
No access to interactive on-line facilities (e.g., TSO, CICS, etc)
Default group specified as OMVSGRP or STCOMVS
UID(0)
HOME directory specified as "/"
Shell program specified as "/bin/sh"

Check Contents

Refer to system PARMLIB member BPXPRMxx (xx is determined by OMVS entry in IEASYS00.)
Determine the user ID identified by the SUPERUSER parameter. (BPXROOT is the default).
From a command input screen enter:
SET LID
LIST LIKE (superuser userid)

If the SUPERUSER userid is defined as follows, this is not a finding.
- No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
- Default group specified as OMVSGRP or STCOMVS

From an ACF command input screen enter:
SET PROFILE(USER) DIVISION(OMVS)
SET VERBOSE
LIST <superuser userid>

If the SUPERUSER userid is defined as follows, this is not a finding:
- UID(0)
- HOME directory specified as “/”
- Shell program specified as “/bin/sh”

IBM z/OS user account for the z/OS UNIX SUPERSUSER userid must be properly defined.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments