An error occurred:

Check: ACF2-ES-000700

IBM z/OS ACF2 STIG: ACF2-ES-000700 (in versions v9 r2 through v7 r1)

Title

ACF2 APPLDEF GSO record if used must have supporting documentation indicating the reason it was used. (Cat III impact)

Discussion

Failure to restrict network connectivity only to authorized systems permits inbound connections from malicious systems. It also permits outbound connections that may facilitate exfiltration of DoD data.

Check Content

From the ACF Command screen enter: SET CONTROL(GSO) LIST LIKE(APPLDEF-) If the GSO APPLDEF record does not exist, this is not a finding. If the GSO APPLDEF record does exist and no supporting documentation is available, this is a finding.

Fix Text

For any APPLDEF GSO record used, it must have supporting documentation indicating the reason it was used. The APPLDEF record is optional.

Additional Identifiers

Rule ID: SV-223488r991589_rule

Vulnerability ID: V-223488

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

Implement the security configuration settings.
CCI-000368

Document any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings