STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

IBM z/OS FTP.DATA configuration for the FTP Server must have INACTIVE statement properly set.

DISA Rule

SV-223527r533198_rule

Vulnerability Number

V-223527

Group Title

SRG-OS-000163-GPOS-00072

Rule Version

ACF2-FT-000110

Severity

CAT II

CCI(s)

• CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Configure the FTP.DATA CONFIGURATION STATEMENT to include the following:

INACTIVE [A value between 1 and 900]

Check Contents

Refer to the Data configuration file specified on the SYSFTPD DD statement in the FTP started task JCL.

If the INACTIVE statement is coded with a value between 1 and 900 (seconds) this is not a finding.

Vulnerability Number

V-223527

Documentable

False

Rule Version

ACF2-FT-000110

Severity Override Guidance

Refer to the Data configuration file specified on the SYSFTPD DD statement in the FTP started task JCL.

If the INACTIVE statement is coded with a value between 1 and 900 (seconds) this is not a finding.

Check Content Reference

M

Target Key

4100

Comments