From z/OS RACF STIG
Part of RACF0570
Associated with IA controls: DCCS-1, DCCS-2
Associated with: CCI-000764 CCI-000804
Ensure that every USERID is uniquely identified to the system. Within the USERID record, the user's name, default group, owner, and passdate fields must be completed; together they uniquely identify each user. If these fields are not completed for each user, user accountability is lost.
Every user will be identified to RACF via each user’s unique userid profile. To RACF, a user is
an individual (user), a started task, or a batch job. Every userid will be fully identified within
RACF with the following fields completed:
NAME      User’s name
DFLTGRP   Default group
OWNER     User’s profile owner
RACF will automatically assign the default group as the password if a password is not explicitly
coded. Assign a unique password to every userid to prevent unauthorized access by a person
who knows the default group for a new userid.
a) Refer to the following report produced by the RACF Data Collection:
   - RACFCMDS.RPT(LISTUSER)

   Automated Analysis
   Refer to the following report produced by the RACF Data Collection:
   - PDI(RACF0570)

b) If every user is fully identified with all of the following conditions:
   1. A completed NAME field that can either be traced back to a current DD2875 or a Vendor Requirement (example: A Started Task).
   2. The presence of the DEFAULT-GROUP and OWNER fields.
   3. The PASSDATE field is not set to N/A unless this user has the PROTECTED attribute.

c) If all of the above are true, there is NO FINDING.

d) If any of the above is untrue, this is a FINDING.
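An added example (not part of the STIG or of the RACF Data Collection tooling) that applies conditions 1 to 3 above to LISTUSER output. The sample report is constructed and its layout is an assumption, the function names are hypothetical, and tracing a NAME back to a DD2875 or Vendor Requirement remains a manual step.

```python
import re

# Constructed sample, trimmed to the lines this check reads; the layout is an
# assumption about how RACFCMDS.RPT(LISTUSER) presents each userid.
SAMPLE = """\
USER=JSMITH    NAME=JOHN SMITH            OWNER=SYSADM    CREATED=20.101
 DEFAULT-GROUP=USERS    PASSDATE=24.015  PASS-INTERVAL= 60 PHRASEDATE=N/A
 ATTRIBUTES=NONE
USER=STCWEB    NAME=WEB SERVER STC        OWNER=STCGRP    CREATED=19.200
 DEFAULT-GROUP=STCGRP   PASSDATE=N/A     PASS-INTERVAL=N/A PHRASEDATE=N/A
 ATTRIBUTES=PROTECTED
USER=TEMP01    NAME=UNKNOWN               OWNER=SYSADM    CREATED=23.300
 DEFAULT-GROUP=USERS    PASSDATE=N/A     PASS-INTERVAL= 60 PHRASEDATE=N/A
 ATTRIBUTES=NONE
"""

# KEY=value pairs; a value runs until the next KEY= or end of line, so names
# containing blanks ("JOHN SMITH") stay intact.
PAIR = re.compile(r"([A-Z][A-Z-]*)=(.*?)(?=\s+[A-Z][A-Z-]*=|$)")

def parse_listuser(text):
    users, cur = [], None
    for line in text.splitlines():
        for key, val in PAIR.findall(line):
            val = val.strip()
            if key == "USER":  # a USER= line starts a new userid record
                cur = {"USER": val, "ATTRIBUTES": set()}
                users.append(cur)
            elif cur and key == "ATTRIBUTES" and line.lstrip().startswith("ATTRIBUTES="):
                cur["ATTRIBUTES"].update(val.split())  # user attributes only, not CONNECT ATTRIBUTES
            elif cur and key != "ATTRIBUTES":
                cur.setdefault(key, val)  # keep the first (user-level) value
    return users

def findings(user):
    """Reasons a userid fails conditions 1-3 of the check; empty list = no finding."""
    reasons = []
    if user.get("NAME", "") in ("", "UNKNOWN"):  # LISTUSER shows UNKNOWN when no name was set
        reasons.append("NAME not completed")
    for field in ("DEFAULT-GROUP", "OWNER"):
        if not user.get(field):
            reasons.append(field + " missing")
    if user.get("PASSDATE", "N/A") == "N/A" and "PROTECTED" not in user["ATTRIBUTES"]:
        reasons.append("PASSDATE is N/A without PROTECTED")
    return reasons

if __name__ == "__main__":
    for u in parse_listuser(SAMPLE):
        print(u["USER"], "; ".join(findings(u)) or "NO FINDING")
```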
Review all USERID definitions to ensure required information is provided. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes listed in this PDI. The following are sample commands to correct this vulnerability:
1. Add a NAME to a userid with the command ALU