UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The CA-ACF2 LOGONID with the REFRESH attribute must have procedures for utilization.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223468 ACF2-ES-000500 SV-223468r991589_rule Medium
Description
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.
STIG Date
IBM z/OS ACF2 Security Technical Implementation Guide 2024-06-24

Details

Check Text ( C-25141r944313_chk )
From the ACF Command screen enter:
SET LID
LIST IF(REFRESH)

If procedures exist to utilize the logonid with the REFRESH attribute to refresh ACF2 global options, this is not a finding.

Example of a suggested procedure follows:

When the ISSO determines it necessary to refresh the ACF2 global options, the ISSO will do the following:

-Activate the REFRESH ID with the following setting(s):
NOSUSPEND
NOPSWD EXP
PASSWORD(new password)

-Instruct Operations to perform the REFRESH.

-Deactivate the REFRESH ID with the following setting:
SUSPEND

If no procedures exist in accordance with the STIG requirements to utilize the logonid with the REFRESH attribute to refresh ACF2 global options, this is a finding.
Fix Text (F-25129r944314_fix)
Review security procedures for defining LOGONIDs and develop documentation of requirements for the LOGONID associated with the REFRESH attribute.

Example of a suggested procedure follows:
When the ISSO determines it necessary to refresh the ACF2 global options, the ISSO will do the following:

-Activate the required REFRESH ID with the following setting(s):
NOSUSPEND
NOPSWD EXP
PASSWORD(new password)

-Instruct Operations to perform the REFRESH using the newly activated REFRESH ID.
-After refresh is completed.

-Deactivate the REFRESH ID with the following setting:
SUSPEND

This procedure should be documented in the Site Security Plan.