STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

ACF2 TSO2741 GSO record values must be set to obliterate the logon password on 2741 devices.

DISA Rule

SV-223511r695445_rule

Vulnerability Number

V-223511

Group Title

SRG-OS-000079-GPOS-00047

Rule Version

ACF2-ES-000940

Severity

CAT II

CCI(s)

• CCI-000206 - The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

Weight

10

Fix Recommendation

Define a cross out string used to obliterate the logon password on 2741 devices.

Ensure the GSO TSO2741 record values conform to the following requirements.

BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()

Example:
SET C(GSO)
INSERT TSO2741 BS(16) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING()

F ACF2,REFRESH(TSO2741)

Check Contents

From the ISPF Command Shell enter:
ACF <enter>
SET CONTROL(GSO)
LIST TSO2741

If the GSO TSO2741 record values conform to the following requirements, this is not a finding.

BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()

Vulnerability Number

V-223511

Documentable

False

Rule Version

ACF2-ES-000940

Severity Override Guidance

From the ISPF Command Shell enter:
ACF <enter>
SET CONTROL(GSO)
LIST TSO2741

If the GSO TSO2741 record values conform to the following requirements, this is not a finding.

BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()

Check Content Reference

M

Target Key

4100

Comments