STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

IBM z/OS must use SAF Key Rings for key management.

DISA Rule

SV-223568r695454_rule

Vulnerability Number

V-223568

Group Title

SRG-OS-000067-GPOS-00035

Rule Version

ACF2-OS-000330

Severity

CAT II

CCI(s)

• CCI-000186 - The information system, for PKI-based authentication, enforces authorized access to the corresponding private key.
• CCI-000187 - The information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group.

Weight

10

Fix Recommendation

Define all Keys/Certificates to the security database. Remove the all .kdb and .jks files.

Check Contents

From the ISPF Command Shell enter:
OMVS
enter
find / -name *.kdb
and
find / -name *jks
If any files are found, this is a finding.

Vulnerability Number

V-223568

Documentable

False

Rule Version

ACF2-OS-000330

Severity Override Guidance

From the ISPF Command Shell enter:
OMVS
enter
find / -name *.kdb
and
find / -name *jks
If any files are found, this is a finding.

Check Content Reference

M

Target Key

4100

Comments