IBM z/OS ACF2 STIG Version Comparison
IBM z/OS ACF2 Security Technical Implementation Guide
Comparison
There are 4 differences between versions v8 r13 (Oct. 25, 2023) (the "left" version) and v8 r15 (April 24, 2024) (the "right" version).
Check ACF2-ES-000500 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.
Text Differences
Title
The CA-ACF2 LOGONID with the REFRESH attribute must have procedures for utilization.
Check Content
From the ACF Command screen enter:
SET LID
LIST IF(REFRESH)
If procedures exist to utilize the logonid with the REFRESH attribute to refresh ACF2 global options, this is not a finding.
[removed: Example:] [added: Example of a suggested procedure follows:]
When the ISSO determines it necessary to refresh the ACF2 global options, the ISSO will do the following:
-Activate the REFRESH ID with the following setting(s): NOSUSPEND NOPSWD EXP PASSWORD(new password)
-Instruct Operations to perform the REFRESH.
-Deactivate the REFRESH ID with the following setting: SUSPEND
If no procedures exist in accordance with the STIG requirements to utilize the logonid with the REFRESH attribute to refresh ACF2 global options, this is a finding.
Discussion
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.
Fix
Review security procedures for defining LOGONIDs and develop documentation of requirements for the LOGONID associated with the REFRESH attribute.
[removed: Example:] [added: Example of a suggested procedure follows:]
When the ISSO determines it necessary to refresh the ACF2 global options, the ISSO will do the following:
-Activate the required REFRESH ID with the following setting(s): NOSUSPEND NOPSWD EXP PASSWORD(new password)
-Instruct Operations to perform the [removed: REFRESH.] [added: REFRESH using the newly activated REFRESH ID.]
[added: -After refresh is completed.]
-Deactivate the REFRESH ID with the following setting: SUSPEND
This procedure should be documented in the Site Security Plan.