The IBM z/OS user account for the UNIX kernel (OMVS) must be properly defined to the security database.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223859 | RACF-US-000220 | SV-223859r958482_rule | | Medium |
| Description |
| To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. |
| STIG | Date |
| IBM z/OS RACF Security Technical Implementation Guide | 2025-06-24 |
Details
| Check Text (C-25532r868908_chk) |
| If OMVS userid is defined to the ESM as follows, this is not a finding: No access to interactive on-line facilities (e.g., TSO, CICS, etc.); Default group specified as OMVSGRP or STCOMVS; UID(0); HOME directory specified as "/"; Shell program specified as "/bin/sh". |
| Fix Text (F-25520r868909_fix) |
| Define OMVS userid to the ESM as specified below: No access to interactive on-line facilities (e.g., TSO, CICS, etc.); Default group specified as OMVSGRP or STCOMVS; UID(0); HOME directory specified as "/"; Shell program specified as "/bin/sh". |
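The check above, automated as an added example (not part of the STIG). It assumes the OMVS user profile was listed with RACF LISTUSER with the TSO, CICS and OMVS segments requested. The sample listings are constructed and abbreviated, the function names are hypothetical, and only TSO and CICS are tested out of the "etc." facilities.

```python
import re

# Constructed, abbreviated LISTUSER-style text (not captured from a real system).
COMPLIANT = """\
USER=OMVS  NAME=UNIX KERNEL  OWNER=SYS1
 DEFAULT-GROUP=OMVSGRP  PASSDATE=N/A  PASS-INTERVAL=N/A
NO TSO INFORMATION
NO CICS INFORMATION
OMVS INFORMATION
----------------
UID= 0000000000
HOME= /
PROGRAM= /bin/sh
"""
# Constructed failing case: TSO segment, wrong group, non-zero UID, wrong HOME.
DEVIANT = (COMPLIANT.replace("NO TSO INFORMATION", "TSO INFORMATION")
           .replace("OMVSGRP", "SYS1")
           .replace("UID= 0000000000", "UID= 0000000025")
           .replace("HOME= /", "HOME= /u/omvs"))

EXPECTED = {"UID": "0", "HOME": "/", "PROGRAM": "/bin/sh"}
ALLOWED_GROUPS = {"OMVSGRP", "STCOMVS"}

def field(listing, name):
    """Return the value following 'name=' at the start of a line, or None."""
    m = re.search(rf"^[ \t]*{re.escape(name)}=[ \t]*(\S+)", listing, re.M)
    return m.group(1) if m else None

def check_omvs_user(listing):
    """Return a list of deviations; an empty list means 'not a finding'."""
    findings = []
    for seg in ("TSO", "CICS"):
        # Absence must be stated explicitly: a missing line may only mean
        # that the segment was never requested in the listing.
        if not re.search(rf"^[ \t]*NO {seg} INFORMATION", listing, re.M):
            findings.append(f"{seg}: no explicit 'NO {seg} INFORMATION' line")
    group = field(listing, "DEFAULT-GROUP")
    if group not in ALLOWED_GROUPS:
        findings.append(f"DEFAULT-GROUP is {group}")
    for name, want in EXPECTED.items():
        got = field(listing, name)
        if name == "UID" and got is not None and got.isdigit():
            got = str(int(got))  # drop zero padding before comparing
        if got != want:
            findings.append(f"{name} is {got}, expected {want}")
    return findings
```

A listing that omits the TSO or CICS segment lines is reported as a deviation rather than passed, because the absence of interactive access cannot be confirmed from it.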