The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 for full disk encryption.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-97843	ACF2-OS-000340	SV-106947r1_rule		Medium

Description
Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system. This requirement addresses protection of user-generated data, as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information. Satisfies: SRG-OS-000185-GPOS-00079, SRG-OS-000405-GPOS-00184, SRG-OS-000404-GPOS-00183, SRG-OS-000396-GPOS-00176

Description

Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system. This requirement addresses protection of user-generated data, as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information. Satisfies: SRG-OS-000185-GPOS-00079, SRG-OS-000405-GPOS-00184, SRG-OS-000404-GPOS-00183, SRG-OS-000396-GPOS-00176

STIG	Date
IBM z/OS ACF2 Security Technical Implementation Guide	2020-06-29

Details

Check Text ( C-96679r1_chk )
Determine if IBM's DS880 Disks are in use. If they are not in use for systems that require data at rest, this is a finding.

Fix Text (F-103519r1_fix)
Employ IBM's DS8880 hardware to ensure full disk encryption.