The EXITS GSO record value must specify the module names of site written ACF2 exit routines.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223467 | ACF2-ES-000490 | SV-223467r991589_rule | CCI-000366 | medium |
| Description | ||||
| Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. | ||||
| STIG | Date | |||
| IBM z/OS ACF2 Security Technical Implementation Guide | 2025-06-24 | |||
Details
Check Text (C-223467r991589_chk)
From the ACF Command enter:
SET CONTROL(GSO)
LIST LIKE(EXIT-)
If the GSO EXITS record values conform to the following requirements, this is not a finding.
Specifies the module names of site written ACF2 exit routines.
NOTE: The DSNPOST exit is optional and is not required to be specified in the GSO EXITS record. DSNPOST(module) SEVPRE(SEVPRE01) SEVPOST(SEVPST01)
NOTE: No other exits are authorized at this time.
NOTE: Local changes will be documented in writing with supporting documentation.
If there is any deviation from the above requirements in the GSO EXITS record values, this is a finding.
Fix Text (F-25128r504520_fix)
Configure the EXITS GSO value to specify the module names of site written ACF2 exit routines.
Specifies the module names of site written ACF2 exit routines.
NOTE: The DSNPOST exit is optional and is not required to be specified in the GSO EXITS record.
DSNPOST(module) SEVPRE(SEVPRE01) SEVPOST(SEVPST01)
Example:
SET C(GSO)
INSERT EXITS DSNPOST(module) SEVPRE(SEVPRE01) SEVPOST(SEVPST01)
F ACF2,REFRESH(EXITS)
NOTE: No other exits are authorized at this time.
NOTE: Local changes will be justified in writing with supporting documentation.