STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

ACF2 LINKLST GSO record if specified must only contains trusted system data sets.

DISA Rule

SV-223490r533198_rule

Vulnerability Number

V-223490

Group Title

SRG-OS-000368-GPOS-00154

Rule Version

ACF2-ES-000720

Severity

CAT II

CCI(s)

CCI-001764 - The information system prevents program execution in accordance with organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage.

Weight

Fix Recommendation

Configure the LINKLIST GSO value if specified only contains trusted system data sets.

Specifies one or more partitioned data sets considered part of the system link (SYS1.LINKLIB) during data set access validation.

Only trusted system data sets will be listed. Application libraries will never be included.

Example:
SET C(GSO)
INSERT LINKLST LIBRARY(SYS1.LINKLIB SYS2A.FDR.LOADLIB)

F ACF2,REFRESH(LINKLST)

Check Contents

From the ACF Command screen enter:
SET CONTROL(GSO)
LIST LINKLST

If the GSO LINKLST record values conform to the following requirements, this is not a finding.

Specifies one or more partitioned data sets considered part of the system link (SYS1.LINKLIB) during data set access validation. Only trusted system data sets will be listed. Application libraries will never be included.

Example:
LIBRARY(SYS1.LINKLIB SYS2A.FDR.LOADLIB)

If there is any deviation from the above requirements in the GSO LINKLST record values, this is a finding.

ACF2 LINKLST GSO record if specified must only contains trusted system data sets.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments