IBM z/OS ACF2 STIG

IBM z/OS ACF2 Security Technical Implementation Guide

ID Vuln ID Title Cat Status
ACF2-TC-000030 V-223601 IBM z/OS TCP/IP resources must be properly protected. Cat II
ACF2-ES-000380 V-223458 CA-ACF2 must limit Update and Allocate access to system backup files to system programmers and/or batch jobs that perform DASD backups. Cat II
ACF2-OS-000030 V-223539 IBM z/OS Inapplicable PPT entries must be invalidated. Cat II
ACF2-OS-000360 V-223571 IBM z/OS Policy agent must contain a policy that protects against or limits the effects of Denial of Service (DoS) attacks by ensuring the operating system is implementing rate-limiting measures on impacted network interfaces. Cat II
ACF2-ES-000720 V-223490 ACF2 LINKLST GSO record if specified must only contains trusted system data sets. Cat II
ACF2-CE-000020 V-223420 IBM z/OS must not use Expired Digital Certificates. Cat II
ACF2-OS-002430 V-223582 IBM z/OS system administrator must develop a procedure to shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered. Cat II
ACF2-ES-000750 V-223493 IBM z/OS UID(0) must be properly assigned. Cat I
ACF2-ES-000630 V-223481 ACF2 maintenance LOGONIDs must have corresponding GSO MAINT records. Cat II
ACF2-OS-000070 V-223543 IBM z/OS system administrator must develop a process notify appropriate personnel when accounts are created. Cat II
ACF2-OS-000020 V-223538 IBM z/OS must implement DoD-approved encryption to protect the confidentiality of remote access sessions. Cat I
ACF2-OS-000130 V-223549 IBM z/OS BUFUSEWARN in the SMFPRMxx must be properly set. Cat II
ACF2-ES-000120 V-223433 CA-ACF2 must limit access to SYSTEM DUMP data sets to appropriate authorized users. Cat II
ACF2-ES-000780 V-223496 ACF2 LOGONIDs must be defined with the required fields completed. Cat II
ACF2-ES-000970 V-223514 ACF2 security data sets and/or databases must be properly protected. Cat I

Print

Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Print

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.
Changes