IBM z/OS FTP.DATA configuration statements for the FTP Server must specify the BANNER statement.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223522 | ACF2-FT-000060 | SV-223522r958586_rule | CCI-001384 | medium |
| Description | ||||
| The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements. | ||||
| STIG | Date | |||
| IBM z/OS ACF2 Security Technical Implementation Guide | 2025-06-24 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-8
1.00
- DISA · 9 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.9
1.00
- DISA · 9 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001384
1.00
- DISA · 9 · disa_xccdf · related
Details
Check Text (C-223522r958586_chk)
Refer to the Data configuration file specified on the SYSFTPD DD statement in the FTP started task JCL.
If the BANNER statement is coded, this is not a finding.
Fix Text (F-25183r500701_fix)
Configure the FTP.DATA CONFIGURATION STATEMENT to include the following:
BANNER [An HFS file, e.g., /etc/ftp.banner]