IBM RACF must be installed and active on the system.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-223760	RACF-OS-000040	SV-223760r958362_rule		High

Description

Enterprise environments make account management for operating systems challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other errors. IBM z/OS requires an external security manager to assure proper account management.

STIG	Date
IBM z/OS RACF Security Technical Implementation Guide	2025-06-24

Details

Check Text (C-25433r514968_chk)

Refer to IEASYS00 member in SYS1.PARMLIB Concatenation. Determine proper IEFSSnxx member.

If RACF is defined in the SubSystem member, this is not a finding.

Fix Text (F-25421r514969_fix)

Refer to the IBM Security Server RACF System Programmer Guide and the IBM Security Server RACF Security Administrator guide to properly implement RACF on the system.