STIGQter STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

The IBM z/OS user account for the z/OS UNIX SUPERUSER userid must be properly defined.

DISA Rule

SV-223860r604139_rule

Vulnerability Number

V-223860

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

RACF-US-000230

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Define the user ID identified in the BPXPRM00 SUPERUSER parameter as specified below:

-No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
-Default group specified as OMVSGRP or STCOMVS
-UID(0)
-HOME directory specified as “/”
-Shell program specified as “/bin/sh”

Check Contents

Refer to system PARMLIB member BPXPRMxx (xx is determined by OMVS entry in IEASYS00.)

Determine the user ID identified by the SUPERUSER parameter. (BPXROOT is the default).

From a command input screen enter:
LISTUSER (superuser userid) TSO CICS OMVS

If the SUPERUSER userid is defined as follows, this is not a finding:

-No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
-Default group specified as OMVSGRP or STCOMVS
-UID(0)
-HOME directory specified as “/”
-Shell program specified as “/bin/sh”

Vulnerability Number

V-223860

Documentable

False

Rule Version

RACF-US-000230

Severity Override Guidance

Refer to system PARMLIB member BPXPRMxx (xx is determined by OMVS entry in IEASYS00.)

Determine the user ID identified by the SUPERUSER parameter. (BPXROOT is the default).

From a command input screen enter:
LISTUSER (superuser userid) TSO CICS OMVS

If the SUPERUSER userid is defined as follows, this is not a finding:

-No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
-Default group specified as OMVSGRP or STCOMVS
-UID(0)
-HOME directory specified as “/”
-Shell program specified as “/bin/sh”

Check Content Reference

M

Target Key

4101

Comments