Check: ACF2-ES-000510
IBM z/OS ACF2 STIG:
ACF2-ES-000510
(in versions v9 r2 through v7 r1)
Title
IBM z/OS TSO GSO record values must be set to the values specified. (Cat II impact)
Discussion
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.
Check Content
From the ACF Command screen enter: SET CONTROL(GSO) LIST TSO If the GSO TSO record values conform to the following requirements, this is not a finding. ACCOUNT(1) BYPASS(#) CHAR(BS) CMDLIST() NOIKJEFLD1 LINE(ATTN) LOGONCK PERFORM(0) PROC(site defined) NOQLOGON REGION(site defined) SUBCLSS() SUBHOLD() SUBMSG() TIME(0) TSOSOUT(A) UNIT(SYSDA) WAITIME(1-60)
Fix Text
Configure the GSO TSO record values to conform to the following requirements. ACCOUNT(1) BYPASS(#) CHAR(BS) CMDLIST() NOIKJEFLD1 LINE(ATTN) LOGONCK PERFORM(0) PROC(site defined) NOQLOGON REGION(site defined) SUBCLSS() SUBHOLD() SUBMSGC() TIME(0) TSOSOUT(A) UNIT(SYSDA) WAITIME(1-60) Example: SET C(GSO) INSERT TSO ACCOUNT(1) BYPASS(#) CHAR(BS) CMDLIST() NOIKJEFLD1 LINE(ATTN) LOGONCK PERFORM(0) PROC(IKJACCNT) NOQLOGON REGION(4,096) SUBCLSS() SUBHOLD() SUBMSGC() TIME(0) TSOGNAME() TSOSOUT(A) UNIT(SYSDA) WAITIME(60) F ACF2,REFRESH(TSO)
Additional Identifiers
Rule ID: SV-223469r991589_rule
Vulnerability ID: V-223469
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
CCI-001133 |
Terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |