STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

IBM z/OS Attributes of z/OS UNIX user accounts must have a unique GID in the range of 1-99.

DISA Rule

SV-223637r533198_rule

Vulnerability Number

V-223637

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

ACF2-US-000220

Severity

CAT II

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

Define the OMVSGRP group and / or the STCOMVS group to the security database with a unique GID in the range of 1-99.

OMVSGRP is the name suggested by IBM for all the required userids. STCOMVS is the standard name used at some sites for the userids that are associated with z/OS UNIX started tasks and daemons. These groups can be combined at the site's discretion.

Check Contents

From the ISPF Command Shell enter:
ACF
SET PROFILE(GROUP) DIVISION(OMVS)
LIST LIKE(-)

If OMVSGRP and/or STCOMVS groups are defined and have a unique GID in the range of 1-99, this is not a finding.

Vulnerability Number

V-223637

Documentable

False

Rule Version

ACF2-US-000220

Severity Override Guidance

From the ISPF Command Shell enter:
ACF
SET PROFILE(GROUP) DIVISION(OMVS)
LIST LIKE(-)

If OMVSGRP and/or STCOMVS groups are defined and have a unique GID in the range of 1-99, this is not a finding.

Check Content Reference

M

Target Key

4100

Comments