STIGQter STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

The IBM z/OS user account for the z/OS UNIX SUPERUSER userid must be properly defined.

DISA Rule

SV-224094r561402_rule

Vulnerability Number

V-224094

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

TSS0-US-000210

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Define the user ID identified in the BPXPRM00 SUPERUSER parameter as specified below:

- No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
- Default group specified as OMVSGRP or STCOMVS
- UID(0)
- HOME directory specified as "/"
- Shell program specified as "/bin/sh"

Check Contents

Refer to system PARMLIB member BPXPRMxx (xx is determined by OMVS entry in IEASYS00.)

Determine the user ID identified by the SUPERUSER parameter. (BPXROOT is the default).

From a command input screen enter:
LISTUSER (superuser userid) TSO CICS OMVS

If the SUPERUSER userid is defined as follows, this is not a finding:

- No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
- Default group specified as OMVSGRP or STCOMVS
- UID(0)
- HOME directory specified as "/"
- Shell program specified as "/bin/sh"

Vulnerability Number

V-224094

Documentable

False

Rule Version

TSS0-US-000210

Severity Override Guidance

Refer to system PARMLIB member BPXPRMxx (xx is determined by OMVS entry in IEASYS00.)

Determine the user ID identified by the SUPERUSER parameter. (BPXROOT is the default).

From a command input screen enter:
LISTUSER (superuser userid) TSO CICS OMVS

If the SUPERUSER userid is defined as follows, this is not a finding:

- No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
- Default group specified as OMVSGRP or STCOMVS
- UID(0)
- HOME directory specified as "/"
- Shell program specified as "/bin/sh"

Check Content Reference

M

Target Key

4102

Comments