Skip to content

IBM z/OS ACF2 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • IBM z/OS must protect dynamic lists in accordance with proper security requirements.

    <VulnDiscussion>To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule High Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • SRG-OS-000324-GPOS-00125

    <GroupDescription></GroupDescription>
    Group
  • CA-ACF2 must limit Write or greater access to SYS1.UADS To system programmers only and read and update access must be limited to system programmer personnel and/or security personnel.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule High Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • CA-ACF2 must limit all system PROCLIB data sets to appropriate authorized users.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule High Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • CA-ACF2 access to the System Master Catalog must be properly protected.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule High Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • IBM z/OS MCS consoles access authorization(s) for CONSOLE resource(s) must be properly protected.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule Medium Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • CA-ACF2 must limit Write or greater access to SYS1.NUCLEUS to system programmers only.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule High Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • CA-ACF2 must limit Write or greater access to SYS1.LPALIB to system programmers only.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule High Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • CA-ACF2 must limit Write or greater access to SYS1.IMAGELIB to system programmers.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule High Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • CA-ACF2 must limit Write or greater access to Libraries containing EXIT modules to system programmers only.

    &lt;VulnDiscussion&gt;Access control policies include: identity-based policies, role-based policies, and attribute-based policies. Access enforceme...
    Rule High Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • CA-ACF2 must limit Write and Allocate access to all APF-authorized libraries to system programmers only.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules