Check: ACF2-ES-000920
IBM z/OS ACF2 STIG:
ACF2-ES-000920
(in versions v9 r2 through v8 r2)
Title
ACF2 TSOTWX GSO record values must be set to obliterate the logon password on TWX devices. (Cat II impact)
Discussion
To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the operating system must not provide any information allowing an unauthorized user to compromise the authentication mechanism. Obfuscation of user-provided information that is typed into the system is a method used when addressing this risk. Displaying asterisks when a user types in a password is an example of obscuring feedback of authentication information.
Check Content
From the ISPF Command Shell enter: ACF <enter> SET CONTROL(GSO) LIST TSOTWX If the GSO TSOTWX record values conform to the following requirements, this is not a finding. CR(15) IDLE(17) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING()
Fix Text
Define a cross out mask to obliterate the logon password on TWX devices. CR(15) IDLE(17) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING() Example: SET C(GSO) INSERT TSOTWX CR(15) IDLE(17) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING() F ACF2,REFRESH(TSOTWX)
Additional Identifiers
Rule ID: SV-223509r958470_rule
Vulnerability ID: V-223509
Group Title: SRG-OS-000079-GPOS-00047
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000206 |
Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals. |
Controls
Number | Title |
---|---|
IA-6 |
Authenticator Feedback |