Check: ACF2-ES-000600
IBM z/OS ACF2 STIG:
ACF2-ES-000600
(in versions v8 r15 through v8 r13)
Title
CA-ACF2 database must be on a separate physical volume from its backup and recovery data sets. (Cat II impact)
Discussion
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.
Check Content
From the ACF Command screen, enter: SET CONTROL(GSO) SHOW DDSN Exexute the ISPF Data Set List Utility for each dataset listed to determine the volume. If the ACF2 database is not located on the same volume as either its alternate or backup file, this is not a finding. If the ACF2 database is collocated with either its alternate or backup, this is a finding.
Fix Text
Configure the placement of ACF2 files are on a separate volume from its backup and recovery data sets to provide backup and recovery in the event of physical damage to a volume. Identify the ACF2 database(s), backup database(s), and recovery data set(s). Develop a plan to keep these data sets on different physical volumes. Implement the movement of these critical ACF2 files. File location is an often overlooked factor in system integrity. It is important to ensure that the effects of hardware failures on system integrity and availability are minimized. Avoid collocation of files such as primary and alternate databases. For example, the loss of the physical volume containing the ACF2 database should not also cause the loss of the ACF2 backup database as a result of their collocation. Files that will be segregated from each other on separate physical volumes include, but are not limited to, the ACF2 database and its alternate or backup file.
Additional Identifiers
Rule ID: SV-223478r928967_rule
Vulnerability ID: V-223478
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |