An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.12.2 - rmfrev5
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.12.2 - rmfrev5
Open sidebar
Navigate
Top
Search
Checks (
226
)
Print
Changes
Pages (
4/16
)
IBM z/OS ACF2 STIG
IBM z/OS ACF2 Security Technical Implementation Guide
v9 r6 (Released Oct. 1, 2025)
v9 r5 (Released July 2, 2025)
v9 r4 (Released April 2, 2025)
v9 r3 (Released Jan. 30, 2025)
v9 r2 (Released Oct. 24, 2024)
v9 r1 (Released July 24, 2024)
v8 r15 (Released April 24, 2024)
v8 r14 (Released Jan. 24, 2024)
v8 r13 (Released Oct. 25, 2023)
v8 r12 (Released July 26, 2023)
v8 r11 (Released April 27, 2023)
v8 r10 (Released Jan. 23, 2023)
v8 r9 (Released Nov. 23, 2022)
v8 r8 (Released Oct. 26, 2022)
v8 r7 (Released July 27, 2022)
v8 r6 (Released April 27, 2022)
v8 r5 (Released Jan. 27, 2022)
v8 r4 (Released Oct. 27, 2021)
v8 r3 (Released July 23, 2021)
v8 r2 (Released April 23, 2021)
v8 r1 (Released Oct. 23, 2020)
v7 r3 (Released July 24, 2020)
v7 r2 (Released April 24, 2020)
v7 r1 (Released Nov. 18, 2019)
v7 r0.1 (Released April 5, 2019)
ID
Vuln ID
Title
Cat
Status
ACF2-ES-000490
V-223467
The EXITS GSO record value must specify the module names of site written ACF2 exit routines.
Cat II
ACF2-ES-000500
V-223468
The CA-ACF2 LOGONID with the REFRESH attribute must have procedures for utilization.
Cat II
ACF2-ES-000510
V-223469
IBM z/OS TSO GSO record values must be set to the values specified.
Cat II
ACF2-ES-000520
V-223470
IBM z/OS procedures must restrict ACF2 LOGONIDs with the READALL attribute to auditors and/or authorized users.
Cat II
ACF2-ES-000530
V-223471
IBM z/OS must have the RULEVLD and RSRCVLD attributes specified for LOGONIDs with the SECURITY attribute.
Cat II
ACF2-ES-000540
V-223472
IBM z/OS LOGONIDs with the AUDIT or CONSULT attribute must be properly scoped.
Cat II
ACF2-ES-000550
V-223473
IBM z/OS LOGONID with the ACCTPRIV attribute must be restricted to the ISSO.
Cat II
ACF2-ES-000560
V-223474
IBM z/OS batch jobs with restricted ACF2 LOGONIDs must have the PGM(xxxxxxxx) and SUBAUTH attributes or the SOURCE(xxxxxxxx) attribute assigned to the corresponding LOGONIDs.
Cat II
ACF2-ES-000570
V-223475
CA-ACF2 RULEOPTS GSO record values must be set to the values specified.
Cat II
ACF2-ES-000580
V-223476
The CA-ACF2 GSO OPTS record value must be properly specified.
Cat II
ACF2-ES-000590
V-223477
CA-ACF2 must prevent the use of dictionary words for passwords.
Cat II
ACF2-ES-000600
V-223478
CA-ACF2 database must be on a separate physical volume from its backup and recovery data sets.
Cat II
ACF2-ES-000610
V-223479
CA-ACF2 database must be backed up on a scheduled basis.
Cat II
ACF2-ES-000620
V-223480
ACF2 REFRESH attribute must be restricted to security administrators' LOGON ID only.
Cat II
ACF2-ES-000630
V-223481
ACF2 maintenance LOGONIDs must have corresponding GSO MAINT records.
Cat II
Prev
1
2
3
4
5
6
7
8
...16
Next
Print
Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Version Changes
If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.