Checks (224)
Pages (11/15)
IBM z/OS RACF STIG
IBM z/OS RACF Security Technical Implementation Guide
v9 r7 (Released Jan. 5, 2026)
v9 r6 (Released Oct. 1, 2025)
v9 r5 (Released July 2, 2025)
v9 r4 (Released April 2, 2025)
v9 r3 (Released Jan. 30, 2025)
v9 r2 (Released Oct. 24, 2024)
v9 r1 (Released July 24, 2024)
v8 r14 (Released April 24, 2024)
v8 r13 (Released Jan. 24, 2024)
v8 r12 (Released July 26, 2023)
v8 r11 (Released April 27, 2023)
v8 r10 (Released Jan. 26, 2023)
v8 r9 (Released Nov. 23, 2022)
v8 r8 (Released Oct. 26, 2022)
v8 r7 (Released April 27, 2022)
v8 r6 (Released Jan. 27, 2022)
v8 r5 (Released Oct. 27, 2021)
v8 r4 (Released July 23, 2021)
v8 r3 (Released April 23, 2021)
v8 r2 (Released Jan. 22, 2021)
v8 r1 (Released Oct. 23, 2020)
v7 r3 (Released July 24, 2020)
v7 r2 (Released April 24, 2020)
v7 r1 (Released Nov. 18, 2019)
v7 r0.1 (Released April 5, 2019)
| ID | Vuln ID | Title | Cat | Status |
|---|---|---|---|---|
| RACF-OS-000370 | V-223793 | The IBM z/OS Policy Agent must contain a policy that manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service (DoS) attacks. | Cat II | |
| RACF-OS-000400 | V-223794 | The IBM z/OS must employ a session manager that conceals, via the session lock, information previously visible on the display with a publicly viewable image. | Cat II | |
| RACF-OS-000410 | V-223795 | IBM z/OS must employ a session manager to manage session lock after a 15-minute period of inactivity. | Cat II | |
| RACF-OS-000420 | V-223796 | IBM z/OS must employ a session for users to directly initiate a session lock for all connection types. | Cat II | |
| RACF-OS-000430 | V-223797 | IBM z/OS must employ a session manager to manage retaining a users session lock until that user reestablishes access using established identification and authentication procedures. | Cat II | |
| RACF-OS-000440 | V-223798 | IBM z/OS system administrator must develop a procedure to remove or disable temporary user accounts after 72 hours. | Cat II | |
| RACF-OS-000460 | V-223800 | IBM z/OS system administrator must develop a procedure to notify designated personnel if baseline configurations are changed in an unauthorized manner. | Cat II | |
| RACF-OS-000470 | V-223801 | IBM z/OS system administrator must develop a procedure to provide an audit reduction capability that supports on-demand reporting requirements. | Cat II | |
| RACF-OS-000490 | V-223803 | IBM z/OS system administrator must develop a procedure to remove all software components after updated versions have been installed. | Cat II | |
| RACF-OS-000500 | V-223804 | IBM z/OS must shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered. | Cat II | |
| RACF-OS-000510 | V-223805 | IBM z/OS system administrator must develop a procedure to offload SMF files to a different system or media than the system being audited. | Cat II | |
| RACF-SH-000010 | V-223806 | IBM z/OS SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events. | Cat II | |
| RACF-SH-000020 | V-223807 | The IBM RACF SSH daemon must be configured to use a FIPS 140-2 compliant cryptographic algorithm to protect confidential information and remote access sessions. | Cat I | |
| RACF-SH-000040 | V-223809 | The SSH daemon must be configured with the Standard Mandatory DoD Notice and Consent Banner. | Cat II | |
| RACF-SH-000050 | V-223810 | IBM z/OS SSH daemon must be configured to only use the SSHv2 protocol. | Cat I | |