IBM z/OS ACF2 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

ACF2 TSO2741 GSO record values must be set to obliterate the logon password on 2741 devices.

<VulnDiscussion>To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback fr...

Rule Medium Severity

Show

SRG-OS-000185-GPOS-00079

Group

Show

ACF2 SECVOLS GSO record value must be set to VOLMASK(). Any local changes are justified and documented with the ISSO.

<VulnDiscussion>The SECVOLS record defines the DASD and tape volumes for which CA-ACF2 provides volume-level protection. Information at rest ...

Rule Medium Severity

Show

SRG-OS-000185-GPOS-00079

Group

Show

ACF2 RESVOLS GSO record value must be set to Volmask(-). Any other setting requires documentation justifying the change.

<VulnDiscussion>The RESVOLS record defines DASD and mass storage volumes for which CA ACF2 is to provide protection at the data set name leve...

Rule Medium Severity

Show

SRG-OS-000134-GPOS-00068

Group

Show

ACF2 security data sets and/or databases must be properly protected.

<VulnDiscussion>An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform...

Rule High Severity

Show

SRG-OS-000138-GPOS-00069

Group

Show

ACF2 AUTOERAS GSO record value must be set to indicate that ACF2 is controlling the automatic physical erasure of VSAM or non VSAM data sets.

<VulnDiscussion>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of infor...

Rule Medium Severity

Show

SRG-OS-000032-GPOS-00013

Group

Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity

Modules