STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

The CA-ACF2 GSO OPTS record value must be properly specified.

DISA Rule

SV-223476r695413_rule

Vulnerability Number

V-223476

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

ACF2-ES-000580

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Define the global options available to the system.

BLPLOG
NOCMDREC
CONSOLE(NOROLL)
CPUTIME(LOCAL)
DATE(MDY)
NODDB
DFTLID()
DFTSTC()
INFOLIST(none | AUDIT | SECURITY | SECURITY, AUDIT)
JOBCK
MAXVIO(10)
NOTIFY
RPTSCOPE
SHRDASD
STAMPSMF
STC
TAPEDSN
TEMPDSN
NOUADS
NOVTAMOPEN

Example:
SET C(GSO)
INSERT OPTS BLPLOG NOCMDREC CONSOLE(NOROLL) CPUTIME(LOCAL) DATE(MDY) NODDB DFTLID() DFTSTC() INFOLIST(SECURITY, AUDIT) JOBCK MAXVIO(10)
MODE(ABORT) NOTIFY RPTSCOPE SHRDASD STAMPSMF STC TAPEDSN TEMPDSN NOUADS NOVTAMOPEN

F ACF2,REFRESH(OPTS)

Check Contents

From the ACF Command enter:
SET CONTROL(GSO)
LIST OPTS

If the GSO OPTS record values conform to the following requirements, this is not a finding.

BLPLOG
NOCMDREC
CONSOLE(NOROLL)
CPUTIME(LOCAL)
DATE(MDY)
NODDB
DFTLID()
DFTSTC()
INFOLIST(none | AUDIT | SECURITY | SECURITY, AUDIT)
JOBCK
MAXVIO(10)
NOTIFY
RPTSCOPE
SHRDASD
STAMPSMF
STC
TAPEDSN
TEMPDSN
NOUADS
NOVTAMOPEN

Vulnerability Number

V-223476

Documentable

False

Rule Version

ACF2-ES-000580

Severity Override Guidance

From the ACF Command enter:
SET CONTROL(GSO)
LIST OPTS

If the GSO OPTS record values conform to the following requirements, this is not a finding.

BLPLOG
NOCMDREC
CONSOLE(NOROLL)
CPUTIME(LOCAL)
DATE(MDY)
NODDB
DFTLID()
DFTSTC()
INFOLIST(none | AUDIT | SECURITY | SECURITY, AUDIT)
JOBCK
MAXVIO(10)
NOTIFY
RPTSCOPE
SHRDASD
STAMPSMF
STC
TAPEDSN
TEMPDSN
NOUADS
NOVTAMOPEN

Check Content Reference

M

Target Key

4100

Comments