STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

IBM z/OS attributes of z/OS UNIX user accounts must have a unique GID in the range of 1-99.

DISA Rule

SV-223857r604139_rule

Vulnerability Number

V-223857

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

RACF-US-000200

Severity

CAT II

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

Define the OMVSGRP group and/or the STCOMVS group to the security database with a unique GID in the range of 1-99.

OMVSGRP is the name suggested by IBM for all the required userids. STCOMVS is the standard name used at some sites for the userids that are associated with z/OS UNIX started tasks and daemons. These groups can be combined at the site’s discretion.

Check Contents

From ISPF Command Shell enter:
Listgrp * OMVS

Note: A site can choose to have both an OMVSGRP group and an STCOMVS group or combine the groups under one of these names.

If OMVSGRP and/or STCOMVS groups are defined and have a unique GID in the range of 1-99, this is not a finding.

Vulnerability Number

V-223857

Documentable

False

Rule Version

RACF-US-000200

Severity Override Guidance

From ISPF Command Shell enter:
Listgrp * OMVS

Note: A site can choose to have both an OMVSGRP group and an STCOMVS group or combine the groups under one of these names.

If OMVSGRP and/or STCOMVS groups are defined and have a unique GID in the range of 1-99, this is not a finding.

Check Content Reference

M

Target Key

4101

Comments