ACF2 TSO2741 GSO record values must be set to obliterate the logon password on 2741 devices.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223511 | ACF2-ES-000940 | SV-223511r958470_rule | CCI-000206 | medium |
| Description | ||||
| To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the operating system must not provide any information allowing an unauthorized user to compromise the authentication mechanism. | ||||
| STIG | Date | |||
| IBM z/OS ACF2 Security Technical Implementation Guide | 2025-06-24 | |||
Details
Check Text (C-223511r958470_chk)
From the ISPF Command Shell enter:
ACF <enter>
SET CONTROL(GSO)
LIST TSO2741
If the GSO TSO2741 record values conform to the following requirements, this is not a finding.
BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()
Fix Text (F-25172r504604_fix)
Define a cross out string used to obliterate the logon password on 2741 devices.
Ensure the GSO TSO2741 record values conform to the following requirements.
BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()
Example:
SET C(GSO)
INSERT TSO2741 BS(16) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING()
F ACF2,REFRESH(TSO2741)