IBM z/OS ACF2 Security Technical Implementation Guide

ID Vuln ID Title Cat Status
ACF2-TC-000030 V-223601 IBM z/OS TCP/IP resources must be properly protected. Cat II
ACF2-ES-000380 V-223458 CA-ACF2 must limit Update and Allocate access to system backup files to system programmers and/or batch jobs that perform DASD backups. Cat II
ACF2-OS-000030 V-223539 IBM z/OS Inapplicable PPT entries must be invalidated. Cat II
ACF2-OS-000360 V-223571 IBM z/OS Policy agent must contain a policy that protects against or limits the effects of Denial of Service (DoS) attacks by ensuring the operating system is implementing rate-limiting measures on impacted network interfaces. Cat II
ACF2-ES-000720 V-223490 ACF2 LINKLST GSO record if specified must only contains trusted system data sets. Cat II
ACF2-CE-000020 V-223420 IBM z/OS must not use Expired Digital Certificates. Cat II
ACF2-ES-000920 V-223509 ACF2 TSOTWX GSO record values must be set to obliterate the logon password on TWX devices. Cat II
ACF2-OS-002430 V-223582 IBM z/OS system administrator must develop a procedure to shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered. Cat II
ACF2-ES-000750 V-223493 IBM z/OS UID(0) must be properly assigned. Cat I
ACF2-OS-000070 V-223543 IBM z/OS system administrator must develop a process notify appropriate personnel when accounts are created. Cat II
ACF2-OS-000020 V-223538 IBM z/OS must implement DoD-approved encryption to protect the confidentiality of remote access sessions. Cat I
ACF2-OS-000130 V-223549 IBM z/OS BUFUSEWARN in the SMFPRMxx must be properly set. Cat II
ACF2-ES-000120 V-223433 CA-ACF2 must limit access to SYSTEM DUMP data sets to appropriate authorized users. Cat II
ACF2-ES-000780 V-223496 ACF2 LOGONIDs must be defined with the required fields completed. Cat II
ACF2-ES-000970 V-223514 ACF2 security data sets and/or databases must be properly protected. Cat I


Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.