STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

ACF2 TSOTWX GSO record values must be set to obliterate the logon password on TWX devices.

DISA Rule

SV-223509r695443_rule

Vulnerability Number

V-223509

Group Title

SRG-OS-000079-GPOS-00047

Rule Version

ACF2-ES-000920

Severity

CAT II

CCI(s)

• CCI-000206 - The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

Weight

10

Fix Recommendation

Define a cross out mask to obliterate the logon password on TWX devices.

CR(15)
IDLE(17)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()

Example:
SET C(GSO)
INSERT TSOTWX CR(15) IDLE(17) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING()

F ACF2,REFRESH(TSOTWX)

Check Contents

From the ISPF Command Shell enter:
ACF <enter>
SET CONTROL(GSO)
LIST TSOTWX

If the GSO TSOTWX record values conform to the following requirements, this is not a finding.

CR(15)
IDLE(17)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()

Vulnerability Number

V-223509

Documentable

False

Rule Version

ACF2-ES-000920

Severity Override Guidance

From the ISPF Command Shell enter:
ACF <enter>
SET CONTROL(GSO)
LIST TSOTWX

If the GSO TSOTWX record values conform to the following requirements, this is not a finding.

CR(15)
IDLE(17)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()

Check Content Reference

M

Target Key

4100

Comments