STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

IBM z/OS SSH daemon must be configured to only use the SSHv2 protocol.

DISA Rule

SV-223588r533198_rule

Vulnerability Number

V-223588

Group Title

SRG-OS-000096-GPOS-00050

Rule Version

ACF2-SH-000040

Severity

CAT I

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

Edit the sshd_config file and set the "Protocol" setting to "2".

Check Contents

Locate the SSH daemon configuration file, which may be found in /etc/ssh/ directory.

Alternately:
From UNIX System Services ISPF Shell navigate to ribbon select tools.
Select option 1 - Work with Processes.

If SSH Daemon is not active, this is not a finding.

Examine SSH daemon configuration file. If the variables "Protocol 2,1" or "Protocol 1" are defined on a line without a leading comment, this is a finding.

Vulnerability Number

V-223588

Documentable

False

Rule Version

ACF2-SH-000040

Severity Override Guidance

Locate the SSH daemon configuration file, which may be found in /etc/ssh/ directory.

Alternately:
From UNIX System Services ISPF Shell navigate to ribbon select tools.
Select option 1 - Work with Processes.

If SSH Daemon is not active, this is not a finding.

Examine SSH daemon configuration file. If the variables "Protocol 2,1" or "Protocol 1" are defined on a line without a leading comment, this is a finding.

Check Content Reference

M

Target Key

4100

Comments