Title

The EXITS GSO record value must specify the module names of site written ACF2 exit routines. (Cat II impact)

Discussion

Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.

Check Content

From the ACF Command enter: SET CONTROL(GSO) LIST LIKE(EXIT-) If the GSO EXITS record values conform to the following requirements, this is not a finding. Specifies the module names of site written ACF2 exit routines. NOTE: The DSNPOST exit is optional and is not required to be specified in the GSO EXITS record. DSNPOST(module) SEVPRE(SEVPRE01) SEVPOST(SEVPST01) NOTE: No other exits are authorized at this time. NOTE: Local changes will be documented in writing with supporting documentation. If there is any deviation from the above requirements in the GSO EXITS record values, this is a finding.

Fix Text

Configure the EXITS GSO value to specify the module names of site written ACF2 exit routines. Specifies the module names of site written ACF2 exit routines. NOTE: The DSNPOST exit is optional and is not required to be specified in the GSO EXITS record. DSNPOST(module) SEVPRE(SEVPRE01) SEVPOST(SEVPST01) Example: SET C(GSO) INSERT EXITS DSNPOST(module) SEVPRE(SEVPRE01) SEVPOST(SEVPST01) F ACF2,REFRESH(EXITS) NOTE: No other exits are authorized at this time. NOTE: Local changes will be justified in writing with supporting documentation.

Additional Identifiers

Rule ID: SV-223467r533198_rule

Vulnerability ID: V-223467

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.