Skip to content

IBM z/OS RACF Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • IBM RACF allocate access to system user catalogs must be properly protected.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule Medium Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • IBM RACF must limit WRITE or greater access to System backup files to system programmers and/or batch jobs that perform DASD backups.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule Medium Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • IBM RACF must limit access to SYS(x).TRACE to system programmers only.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule Medium Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • IBM z/OS must not have duplicated sensitive utilities and/or programs existing in APF libraries.

    &lt;VulnDiscussion&gt;Removal of unneeded or non-secure functions, ports, protocols, and services mitigate the risk of unauthorized connection of d...
    Rule Low Severity
  • IBM RACF batch jobs must be properly secured.

    &lt;VulnDiscussion&gt;Batch jobs that are submitted to the operating system should inherit the USERID of the submitter. This will identify the batc...
    Rule Medium Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules