STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

IBM z/OS UNIX user accounts must be properly defined.

DISA Rule

SV-223635r533198_rule

Vulnerability Number

V-223635

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

ACF2-US-000200

Severity

CAT II

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

Define any z/OS UNIX user as follows:
A unique UID number (except for UID(0) users)
A unique HOME directory (except for UID(0) and other system task accounts)
Shell program specified as "/bin/sh", "/bin/tcsh", "/bin/echo", or "/bin/false"

NOTE: The shell program must have one of the specified values. The HOME directory must have a value (i.e., not be allowed to default).

Check Contents

From an ACF Command screen enter:
SET LID
LIST IF(OMVSUSER)

If each user account is defined as follows this is not a finding.
A unique UID number (except for UID(0) users)
A unique HOME directory (except for UID(0) and other system task accounts)
Shell program specified as “/bin/sh”, “/bin/tcsh”, “/bin/echo”, or “/bin/false”

NOTE: The shell program must have one of the specified values. The HOME directory must have a value (i.e., not be allowed to default).

Vulnerability Number

V-223635

Documentable

False

Rule Version

ACF2-US-000200

Severity Override Guidance

From an ACF Command screen enter:
SET LID
LIST IF(OMVSUSER)

If each user account is defined as follows this is not a finding.
A unique UID number (except for UID(0) users)
A unique HOME directory (except for UID(0) and other system task accounts)
Shell program specified as “/bin/sh”, “/bin/tcsh”, “/bin/echo”, or “/bin/false”

NOTE: The shell program must have one of the specified values. The HOME directory must have a value (i.e., not be allowed to default).

Check Content Reference

M

Target Key

4100

Comments