IBM z/OS UNIX OMVS parameters in PARMLIB must be properly specified.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-223629	ACF2-US-000140	SV-223629r991589_rule		Medium

Description

Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.

STIG	Date
IBM z/OS ACF2 Security Technical Implementation Guide	2025-06-24

Details

Check Text (C-25302r858905_chk)

Refer to the IEASYS00 member of SYS1.PARMLIB.

If the parameter is specified as OMVS=xx or OMVS=(xx,xx,...) in the IEASYSxx member, this is not a finding.

If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM's Communication Server TCP/IP will not run.

Fix Text (F-25290r858906_fix)

Configure the settings in PARMLIB and /etc for z/OS UNIX security parameters with values that conform to the specifications below:

The parameter is specified as OMVS=xx or OMVS=(xx,xx,...) in the IEASYSxx member.

Note: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM's Communication Server TCP/IP will not run.