IBM RACF user accounts must uniquely identify system users.
DISA Rule
SV-223722r604139_rule
Vulnerability Number
V-223722
Group Title
SRG-OS-000104-GPOS-00051
Rule Version
RACF-ES-000750
Severity
CAT II
CCI(s)
- CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).
- CCI-000770 - The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.
- CCI-000804 - The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).
- CCI-000877 - The organization employs strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
Weight
10
Fix Recommendation
Identify user accounts defined to the ESM that are being shared among multiple users. This may require interviews with appropriate system-level support personnel. Remove the shared user accounts from the ESM.
Check Contents
Obtain a list of all userids that are shared among multiple users (i.e., not uniquely identified system users).
If there are no shared userids on this domain, this is not a finding.
If there are shared userids on this domain, this is a finding.
Documentable
False
Check Content Reference
M
Target Key
4101