STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM z/OS RACF Security Technical Implementation Guide

V-223713

CAT II (Medium)

IBM RACF use of the RACF SPECIAL Attribute must be justified.

Rule ID

SV-223713r991589_rule

STIG

IBM z/OS RACF Security Technical Implementation Guide

Version

V9R8

CCIs

CCI-000366

Discussion

The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or non-secure.

Check Content

From the ISPF Command Shell enter:
ListUser *

If authorization to the SYSTEM SPECIAL attribute is restricted to key systems personnel such as individuals responsible for continuing operations, Storage Management, and emergency recovery, this is not a finding.

If any users connected to sensitive system dataset HLQ (e.g., SYS1, SYS2, ETC) groups with the Group-SPECIAL are key systems personnel, such as individuals responsible for continuing operations, Storage Management, and emergency recovery, this is a finding.

Otherwise, Group-SPECIAL is allowed.

Fix Text

Review all USERIDs with the SPECIAL attribute. Ensure documentation providing justification for access is maintained and filed with the ISSO, and that unjustified access is removed.

For the SYSTEM SPECIAL attribute:

A sample command for removing the SPECIAL attribute is shown here: ALU <userid> NOSPECIAL.

For the GROUP SPECIAL attribute:

CO <user> GROUP(<groupname>) NOSPECIAL