IBM RACF must be installed and active on the system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223760 | RACF-OS-000040 | SV-223760r958362_rule | CCI-000015 | high |

Description

Enterprise environments make account management for operating systems challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other errors. IBM z/OS requires an external security manager to assure proper account management.

| STIG | Date |
| IBM z/OS RACF Security Technical Implementation Guide | 2025-06-24 |
Related Frameworks
2 paths across 2 frameworks
NIST 800-53 (1 mapping)
AC-2(1)
1.00
- DISA · 9 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI (1 mapping)
CCI-000015
1.00
- DISA · 9 · disa_xccdf · related
Details
Check Text (C-223760r958362_chk)
Refer to the IEASYS00 member in the SYS1.PARMLIB concatenation and determine the proper IEFSSNxx member.
If RACF is defined in the SubSystem member, this is not a finding.
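One way to automate the check text above against offline copies of the parmlib members, as an added example that is not part of the STIG or of any IBM tooling. It assumes the IEFSSNxx suffixes are named by an explicit SSN= parameter in IEASYS00; the member contents and function names are constructed for illustration.

```python
import re

# Constructed sample members (not taken from any real system).
IEASYS00 = "CLOCK=00,\nSSN=(00,RA),\nSMF=00\n"
MEMBERS = {
    "IEFSSN00": "SUBSYS SUBNAME(JES2) PRIMARY(YES) START(NO) /* RACF is in IEFSSNRA */\n",
    "IEFSSNRA": "SUBSYS SUBNAME(RACF)\n   INITRTN(IRRSSI00) INITPARM('#,M')\n",
}

def ssn_suffixes(ieasys_text):
    """Return the IEFSSNxx suffixes named by SSN= in an IEASYSxx member."""
    m = re.search(r"\bSSN=(?:\(([^)]*)\)|([A-Z0-9@#$]{2}))", ieasys_text.upper())
    if not m:
        return []  # assumption: only an explicit SSN= is handled here
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return [s.strip() for s in raw.split(",") if s.strip()]

def defined_subsystems(iefssn_text):
    """Return the subsystem names defined in one IEFSSNxx member."""
    # Drop /* ... */ comments so a name mentioned in a comment is not counted.
    text = re.sub(r"/\*.*?\*/", " ", iefssn_text.upper(), flags=re.S)
    # Keyword format: SUBSYS SUBNAME(name) ...
    names = set(re.findall(r"\bSUBNAME\(\s*([A-Z0-9@#$]{1,4})\s*\)", text))
    for line in text.splitlines():
        # Positional format: 1-4 character name in column 1, then comma or blank.
        m = re.match(r"([A-Z@#$][A-Z0-9@#$]{0,3})(?=[,\s]|$)", line)
        if m:
            names.add(m.group(1))
    return names

def racf_finding(ieasys_text, members):
    """True when no referenced IEFSSNxx member defines RACF (a finding)."""
    for suffix in ssn_suffixes(ieasys_text):
        member = members.get("IEFSSN" + suffix, "")
        if "RACF" in defined_subsystems(member):
            return False
    return True

if __name__ == "__main__":
    print("finding" if racf_finding(IEASYS00, MEMBERS) else "not a finding")
```

A missing SSN= parameter or a missing member is reported as a finding here, so such results should be confirmed against the active system before they are recorded.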
Fix Text (F-25421r514969_fix)
Refer to the IBM Security Server RACF System Programmer Guide and the IBM Security Server RACF Security Administrator guide to properly implement RACF on the system.