Check: ACF2-ES-000950
IBM z/OS ACF2 STIG: ACF2-ES-000950 (in versions v9 r2 through v8 r2)
Title
ACF2 SECVOLS GSO record value must be set to VOLMASK(). Any local changes are justified and documented with the ISSO. (Cat II impact)
Discussion
The SECVOLS record defines the DASD and tape volumes for which CA-ACF2 provides volume-level protection. Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system. This requirement addresses protection of user-generated data, as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information.
Check Content
From an ACF command screen enter:

SET CONTROL(GSO)
LIST SECVOLS

If the GSO SECVOLS record values conform to the following requirements, this is not a finding.

VOLMASK()

NOTE: Local changes will be documented in writing with supporting documentation.

If there is any deviation from the above requirements in the GSO SECVOLS record values, this is a finding.
Fix Text
Define the GSO SECVOLS record values to conform to the following requirements.

VOLMASK()

Example:

SET C(GSO)
INSERT SECVOLS VOLMASK()

F ACF2,REFRESH(SECVOLS)
Additional Identifiers
Rule ID: SV-223512r958552_rule
Vulnerability ID: V-223512
Group Title: SRG-OS-000185-GPOS-00079
CCIs
Number | Definition |
---|---|
CCI-000368 | Document any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements. |
CCI-001199 | Protects the confidentiality and/or integrity of organization-defined information at rest. |