UCF STIG Viewer Logo

ACF2 TSO2741 GSO record values must be set to obliterate the logon password on 2741 devices.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223511 ACF2-ES-000940 SV-223511r695445_rule Medium
Description
To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the operating system must not provide any information allowing an unauthorized user to compromise the authentication mechanism.
STIG Date
IBM z/OS ACF2 Security Technical Implementation Guide 2021-07-06

Details

Check Text ( C-25184r695444_chk )
From the ISPF Command Shell enter:
ACF
SET CONTROL(GSO)
LIST TSO2741

If the GSO TSO2741 record values conform to the following requirements, this is not a finding.

BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()
Fix Text (F-25172r504604_fix)
Define a cross out string used to obliterate the logon password on 2741 devices.

Ensure the GSO TSO2741 record values conform to the following requirements.

BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()

Example:
SET C(GSO)
INSERT TSO2741 BS(16) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING()

F ACF2,REFRESH(TSO2741)