Check: ACF2-ES-000940
IBM z/OS ACF2 STIG:
ACF2-ES-000940
(in versions v9 r2 through v8 r2)
Title
ACF2 TSO2741 GSO record values must be set to obliterate the logon password on 2741 devices. (Cat II impact)
Discussion
To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the operating system must not provide any information allowing an unauthorized user to compromise the authentication mechanism.
Check Content
From the ISPF Command Shell enter: ACF <enter> SET CONTROL(GSO) LIST TSO2741 If the GSO TSO2741 record values conform to the following requirements, this is not a finding. BS(16) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING()
Fix Text
Define a cross out string used to obliterate the logon password on 2741 devices. Ensure the GSO TSO2741 record values conform to the following requirements. BS(16) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING() Example: SET C(GSO) INSERT TSO2741 BS(16) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING() F ACF2,REFRESH(TSO2741)
Additional Identifiers
Rule ID: SV-223511r958470_rule
Vulnerability ID: V-223511
Group Title: SRG-OS-000079-GPOS-00047
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000206 |
Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals. |
Controls
Number | Title |
---|---|
IA-6 |
Authenticator Feedback |