ACF2 TSO2741 GSO record values must be set to obliterate the logon password on 2741 devices.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223511 | ACF2-ES-000940 | SV-223511r958470_rule | CCI-000206 | medium |
| Description | ||||
| To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the operating system must not provide any information allowing an unauthorized user to compromise the authentication mechanism. | ||||
| STIG | Date | |||
| IBM z/OS ACF2 Security Technical Implementation Guide | 2025-06-24 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
IA-6
1.00
- DISA · 9 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.5.11
1.00
- DISA · 9 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000206
1.00
- DISA · 9 · disa_xccdf · related
Details
Check Text (C-223511r958470_chk)
From the ISPF Command Shell enter:
ACF <enter>
SET CONTROL(GSO)
LIST TSO2741
If the GSO TSO2741 record values conform to the following requirements, this is not a finding.
BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()
Fix Text (F-25172r504604_fix)
Define a cross out string used to obliterate the logon password on 2741 devices.
Ensure the GSO TSO2741 record values conform to the following requirements.
BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()
Example:
SET C(GSO)
INSERT TSO2741 BS(16) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING()
F ACF2,REFRESH(TSO2741)