Check: ACF2-ES-000940
IBM z/OS ACF2 STIG:
ACF2-ES-000940
(in versions v8 r15 through v8 r2)
Title
ACF2 TSO2741 GSO record values must be set to obliterate the logon password on 2741 devices. (Cat II impact)
Discussion
To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the operating system must not provide any information allowing an unauthorized user to compromise the authentication mechanism.
Check Content
From the ISPF Command Shell enter:

ACF <enter>
SET CONTROL(GSO)
LIST TSO2741

If the GSO TSO2741 record values conform to the following requirements, this is not a finding.

BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()
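One way to automate this comparison over captured LIST output, as an added example that is not part of the STIG or of ACF2. The listing layout, the sample records and the function names are assumptions constructed here; only the required values come from the check text.

```python
import re

# Required TSO2741 operands, taken from the check text above.
REQUIRED = {"BS": "16", "LENGTH": "8", "M1": "X", "M2": "N",
            "M3": "Z", "M4": "M", "STRING": ""}

# KEYWORD(value) operands; the value may be empty, as in STRING().
OPERAND = re.compile(r"\b([A-Z][A-Z0-9]*)\(([^()]*)\)")

def parse_gso_record(listing):
    """Collect KEYWORD(value) operands from captured LIST output.

    Assumption: operands are printed as KEYWORD(value) and may span lines.
    """
    fields = {}
    for line in listing.splitlines():
        for key, value in OPERAND.findall(line):
            fields[key] = value.strip()
    return fields

def evaluate(listing):
    """Return a list of deviations; an empty list means not a finding."""
    fields = parse_gso_record(listing)
    findings = []
    for key, want in REQUIRED.items():
        if key not in fields:
            findings.append(f"{key}: not listed, required ({want})")
        elif fields[key] != want:
            findings.append(f"{key}: found ({fields[key]}), required ({want})")
    return findings

# Constructed sample listings (not real system output).
COMPLIANT = """\
SYSA / TSO2741 LAST CHANGED BY SECADM ON 01/15/24-09:30
          BS(16) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING()
"""
NONCOMPLIANT = """\
SYSA / TSO2741 LAST CHANGED BY SECADM ON 01/15/24-09:30
          BS(16) LENGTH(6) M1(X) M2(N) M3(Z) STRING(ABC)
"""

if __name__ == "__main__":
    for name, text in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        result = evaluate(text)
        print(name, "-> not a finding" if not result else result)
```

An operand missing from the listing is reported for manual review rather than assumed to hold a default value.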
Fix Text
Define a cross out string used to obliterate the logon password on 2741 devices.

Ensure the GSO TSO2741 record values conform to the following requirements.

BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()

Example:

SET C(GSO)
INSERT TSO2741 BS(16) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING()

F ACF2,REFRESH(TSO2741)
Additional Identifiers
Rule ID: SV-223511r695445_rule
Vulnerability ID: V-223511
Group Title: SRG-OS-000079-GPOS-00047
CCIs
Number | Definition |
---|---|
CCI-000206 | The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. |
Controls
Number | Title |
---|---|
IA-6 | Authenticator Feedback |