An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.12.2 - rmfrev5
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.12.2 - rmfrev5
Open sidebar
Navigate
Top
Search
Checks (
226
)
Print
Changes
Pages (
1/16
)
IBM z/OS ACF2 STIG
IBM z/OS ACF2 Security Technical Implementation Guide
v9 r6 (Released Oct. 1, 2025)
v9 r5 (Released July 2, 2025)
v9 r4 (Released April 2, 2025)
v9 r3 (Released Jan. 30, 2025)
v9 r2 (Released Oct. 24, 2024)
v9 r1 (Released July 24, 2024)
v8 r15 (Released April 24, 2024)
v8 r14 (Released Jan. 24, 2024)
v8 r13 (Released Oct. 25, 2023)
v8 r12 (Released July 26, 2023)
v8 r11 (Released April 27, 2023)
v8 r10 (Released Jan. 23, 2023)
v8 r9 (Released Nov. 23, 2022)
v8 r8 (Released Oct. 26, 2022)
v8 r7 (Released July 27, 2022)
v8 r6 (Released April 27, 2022)
v8 r5 (Released Jan. 27, 2022)
v8 r4 (Released Oct. 27, 2021)
v8 r3 (Released July 23, 2021)
v8 r2 (Released April 23, 2021)
v8 r1 (Released Oct. 23, 2020)
v7 r3 (Released July 24, 2020)
v7 r2 (Released April 24, 2020)
v7 r1 (Released Nov. 18, 2019)
v7 r0.1 (Released April 5, 2019)
ID
Vuln ID
Title
Cat
Status
ACF2-CE-000010
V-223419
IBM z/OS Certificate Name Filtering must be implemented with appropriate authorization and documentation.
Cat II
ACF2-CE-000020
V-223420
IBM z/OS must not use Expired Digital Certificates.
Cat II
ACF2-CE-000030
V-223421
All IBM z/OS digital certificates in use must have a valid path to a trusted Certification authority.
Cat II
ACF2-ES-000010
V-223422
CA-ACF2 OPTS GSO record must be set to ABORT mode.
Cat I
ACF2-ES-000020
V-223423
The number of ACF2 users granted the special privilege PPGM must be justified.
Cat II
ACF2-ES-000030
V-223424
The number of ACF2 users granted the special privilege OPERATOR must be kept to a strictly controlled minimum.
Cat III
ACF2-ES-000040
V-223425
The number of ACF2 users granted the special privilege CONSOLE must be justified.
Cat III
ACF2-ES-000050
V-223426
The number of ACF2 users granted the special privilege ALLCMDS must be justified.
Cat II
ACF2-ES-000060
V-223427
IBM z/OS system commands must be properly protected.
Cat II
ACF2-ES-000070
V-223428
IBM z/OS Sensitive Utility Controls must be properly defined and protected.
Cat II
ACF2-ES-000080
V-223429
CA-ACF2 NJE GSO record value must indicate validation options that apply to jobs submitted through a network job entry subsystem (JES2, JES3, RSCS).
Cat II
ACF2-ES-000090
V-223430
CA-ACF2 must protect Memory and privileged program dumps in accordance with proper security requirements.
Cat II
ACF2-ES-000100
V-223431
CA-ACF2 must properly define users that have access to the CONSOLE resource in the TSOAUTH resource class.
Cat II
ACF2-ES-000120
V-223433
CA-ACF2 must limit access to SYSTEM DUMP data sets to appropriate authorized users.
Cat II
ACF2-ES-000130
V-223434
CA-ACF2 must limit access to SYS(x).TRACE to system programmers only.
Cat II
1
2
3
4
5
...16
Next
Print
Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Version Changes
If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.