Check: ACF2-ES-000570
IBM z/OS ACF2 STIG:
ACF2-ES-000570
(in versions v9 r2 through v8 r2)
Title
CA-ACF2 RULEOPTS GSO record values must be set to the values specified. (Cat II impact)
Discussion
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.
Check Content
From the ACF Command enter: SET CONTROL(GSO) LIST RULEOPTS If the following options are defined, this is not a finding. NO$NOSORT CENTRAL CHANGE DECOMP(AUDIT SECURITY) | DECOMP(AUDIT) | DECOMP(SECURITY) The other RULEOPTS values should be assigned carefully as they affect the Rules and Infostorage databases.
Fix Text
Configure the GSO RULEOPTS record values to conform to the following requirements. NO$NOSORT CENTRAL CHANGE DECOMP(AUDIT SECURITY) | DECOMP(AUDIT) | DECOMP(SECURITY) The other RULEOPTS values should be assigned carefully as they affect the Rules and Infostorage databases. Example: SET C(GSO) INSERT RULEOPTS NO$NOSORT CENTRAL CHANGE NOCOMPDYN DECOMP(AUDIT SECURITY) F ACF2,REFRESH(RULEOPTS)
Additional Identifiers
Rule ID: SV-223475r991589_rule
Vulnerability ID: V-223475
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
CCI-000368 |
Document any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |