STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM z/OS RACF Security Technical Implementation Guide

V-223857

CAT II (Medium)

IBM z/OS UNIX groups must be defined with a unique GID.

Rule ID

SV-223857r958482_rule

STIG

IBM z/OS RACF Security Technical Implementation Guide

Version

V9R8

CCIs

CCI-000764

Discussion

To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. RACF userid groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.

Check Content

From ISPF Command Shell enter:
Listgrp * OMVS

If each group is defined with a unique GID, this is not a finding.

Note: A site can choose to have both an OMVSGRP group and an STCOMVS group or combine the groups under one of these names.

If OMVSGRP and/or STCOMVS groups are defined and have a unique GID in the range of 1-99, this is not a finding.

Fix Text

Define each UNIX group with a unique GID.

Define the OMVSGRP group and/or the STCOMVS group to the security database with a unique GID in the range of 1-99.

OMVSGRP is the name suggested by IBM for all the required userids. STCOMVS is the standard name used at some sites for the userids that are associated with z/OS UNIX started tasks and daemons. These groups can be combined at the site's discretion.