An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.12.2 - rmfrev5
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.12.2 - rmfrev5
Open sidebar
Navigate
Top
Search
Checks (
226
)
Print
Changes
Pages (
12/16
)
IBM z/OS ACF2 STIG
IBM z/OS ACF2 Security Technical Implementation Guide
v9 r6 (Released Oct. 1, 2025)
v9 r5 (Released July 2, 2025)
v9 r4 (Released April 2, 2025)
v9 r3 (Released Jan. 30, 2025)
v9 r2 (Released Oct. 24, 2024)
v9 r1 (Released July 24, 2024)
v8 r15 (Released April 24, 2024)
v8 r14 (Released Jan. 24, 2024)
v8 r13 (Released Oct. 25, 2023)
v8 r12 (Released July 26, 2023)
v8 r11 (Released April 27, 2023)
v8 r10 (Released Jan. 23, 2023)
v8 r9 (Released Nov. 23, 2022)
v8 r8 (Released Oct. 26, 2022)
v8 r7 (Released July 27, 2022)
v8 r6 (Released April 27, 2022)
v8 r5 (Released Jan. 27, 2022)
v8 r4 (Released Oct. 27, 2021)
v8 r3 (Released July 23, 2021)
v8 r2 (Released April 23, 2021)
v8 r1 (Released Oct. 23, 2020)
v7 r3 (Released July 24, 2020)
v7 r2 (Released April 24, 2020)
v7 r1 (Released Nov. 18, 2019)
v7 r0.1 (Released April 5, 2019)
ID
Vuln ID
Title
Cat
Status
ACF2-OS-002470
V-223584
ACF2 system administrator must develop a procedure to disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
Cat II
ACF2-OS-003430
V-223585
IBM z/OS system administrator must develop a procedure to offload SMF files to a different system or media than the system being audited.
Cat II
ACF2-SH-000010
V-223586
IBM z/OS SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events.
Cat II
ACF2-SH-000030
V-223587
IBM z/OS SSH daemon must be configured with the Department of Defense (DoD) logon banner.
Cat II
ACF2-SH-000040
V-223588
IBM z/OS SSH daemon must be configured to only use the SSHv2 protocol.
Cat I
ACF2-SH-000050
V-223589
IBM z/OS SSH daemon must be configured to use a FIPS 140-2 compliant cryptographic algorithm.
Cat I
ACF2-SL-000010
V-223590
IBM z/OS permission bits and user audit bits for HFS objects that are part of the Syslog daemon component must be configured properly.
Cat II
ACF2-SL-000020
V-223591
IBM z/OS Syslog daemon must be started at z/OS initialization.
Cat II
ACF2-SL-000030
V-223592
IBM z/OS Syslog daemon must be properly defined and secured.
Cat II
ACF2-SM-000010
V-223593
IBM z/OS DFSMS resource class(es) must be defined to the GSO CLASMAP record in accordance with security requirements.
Cat II
ACF2-SM-000020
V-223594
IBM z/OS DFSMS Program Resources must be properly defined and protected.
Cat II
ACF2-SM-000030
V-223595
IBM z/OS DFSMS control data sets must be protected in accordance with security requirements.
Cat II
ACF2-SM-000040
V-223596
IBM z/OS DFMSM resource class(es)must be defined to the GSO SAFDEF record in accordance with security requirements.
Cat II
ACF2-SM-000050
V-223597
IBM z/OS DFSMS resources must be protected in accordance with the proper security requirements.
Cat II
ACF2-SM-000060
V-223598
IBM z/OS using DFSMS must properly specify SYS(x).PARMLIB(IGDSMSxx), SMS parameter settings.
Cat II
Prev
1...
8
9
10
11
12
13
14
15
16
Next
Print
Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Version Changes
If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.