An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.12.2 - rmfrev5
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.12.2 - rmfrev5
Open sidebar
Navigate
Top
Search
Checks (
226
)
Print
Changes
Pages (
11/16
)
IBM z/OS ACF2 STIG
IBM z/OS ACF2 Security Technical Implementation Guide
v9 r6 (Released Oct. 1, 2025)
v9 r5 (Released July 2, 2025)
v9 r4 (Released April 2, 2025)
v9 r3 (Released Jan. 30, 2025)
v9 r2 (Released Oct. 24, 2024)
v9 r1 (Released July 24, 2024)
v8 r15 (Released April 24, 2024)
v8 r14 (Released Jan. 24, 2024)
v8 r13 (Released Oct. 25, 2023)
v8 r12 (Released July 26, 2023)
v8 r11 (Released April 27, 2023)
v8 r10 (Released Jan. 23, 2023)
v8 r9 (Released Nov. 23, 2022)
v8 r8 (Released Oct. 26, 2022)
v8 r7 (Released July 27, 2022)
v8 r6 (Released April 27, 2022)
v8 r5 (Released Jan. 27, 2022)
v8 r4 (Released Oct. 27, 2021)
v8 r3 (Released July 23, 2021)
v8 r2 (Released April 23, 2021)
v8 r1 (Released Oct. 23, 2020)
v7 r3 (Released July 24, 2020)
v7 r2 (Released April 24, 2020)
v7 r1 (Released Nov. 18, 2019)
v7 r0.1 (Released April 5, 2019)
ID
Vuln ID
Title
Cat
Status
ACF2-OS-000330
V-223568
IBM z/OS must use ICSF or SAF Key Rings for key management.
Cat II
ACF2-OS-000340
V-223569
The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.
Cat I
ACF2-OS-000350
V-223570
IBM z/OS sensitive and critical system data sets must not exist on shared DASD.
Cat II
ACF2-OS-000360
V-223571
IBM z/OS Policy agent must contain a policy that protects against or limits the effects of Denial of Service (DoS) attacks by ensuring the operating system is implementing rate-limiting measures on impacted network interfaces.
Cat II
ACF2-OS-000370
V-223572
IBM z/OS Policy agent must contain a policy that manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.
Cat II
ACF2-OS-002240
V-223573
IBM z/OS must employ a session manager to manage retaining a users session lock until that user reestablishes access using established identification and authentication procedures.
Cat II
ACF2-OS-002330
V-223574
IBM z/OS system administrator must develop a procedure to notify designated personnel if baseline configurations are changed in an unauthorized manner.
Cat II
ACF2-OS-002350
V-223575
IBM z/OS must employ a session manager that conceal, via the session lock, information previously visible on the display with a publicly viewable image.
Cat II
ACF2-OS-002360
V-223576
IBM z/OS must employ a session manager to manage session lock after a 15-minute period of inactivity.
Cat II
ACF2-OS-002370
V-223577
The IBM z/OS system administrator (SA) must develop a procedure to automatically remove or disable temporary user accounts after 72 hours.
Cat II
ACF2-OS-002380
V-223578
IBM z/OS system administrator must develop a procedure to automatically remove or disable emergency accounts after the crisis is resolved or 72 hours.
Cat II
ACF2-OS-002390
V-223579
IBM z/OS system administrator must develop a procedure to notify system administrators (SAs) and information system security officers (ISSOs) of account enabling actions.
Cat II
ACF2-OS-002420
V-223581
IBM z/OS system administrator must develop a procedure to remove all software components after updated versions have been installed.
Cat II
ACF2-OS-002430
V-223582
IBM z/OS system administrator must develop a procedure to shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered.
Cat II
ACF2-OS-002440
V-223583
IBM z/OS must employ a session manager configured for users to directly initiate a session lock for all connection types.
Cat II
Prev
1...
7
8
9
10
11
12
13
14
15
...16
Next
Print
Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Version Changes
If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.