UCF STIG Viewer Logo

The CA-ACF2 LOGONID with the REFRESH attribute must have procedures for utilization.


Overview

Finding ID Version Rule ID IA Controls Severity
V-97635 ACF2-ES-000500 SV-106739r1_rule Medium
Description
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.
STIG Date
IBM z/OS ACF2 Security Technical Implementation Guide 2020-06-29

Details

Check Text ( C-96469r1_chk )
From the ACF Command screen enter:
SET LID
LIST IF(REFRESH)

If procedures exist to utilize the logonid with the REFRESH attribute to refresh ACF2 global options, this is not a finding.

Example:
When the ISSO determines it necessary to refresh the ACF2 global options, the ISSO will do the following:

-Activate the REFRESH ID with the following setting(s):
NOSUSPEND
NOPSWD EXP
PASSWORD(new password)

-Instruct Operations to perform the REFRESH.

-Deactivate the REFRESH ID with the following setting:
SUSPEND

If no procedures exist in accordance with the STIG requirements to utilize the logonid with the REFRESH attribute to refresh ACF2 global options, this is a finding.
Fix Text (F-103311r1_fix)
Review security procedures for defining LOGONIDs and develop documentation of requirements for the LOGONID associated with the REFRESH attribute.

Example:
When the ISSO determines it necessary to refresh the ACF2 global options, the ISSO will do the following:

-Activate the REFRESH ID with the following setting(s):
NOSUSPEND
NOPSWD EXP
PASSWORD(new password)

-Instruct Operations to perform the REFRESH.

-Deactivate the REFRESH ID with the following setting:
SUSPEND