UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

NIST FIPS-validated cryptography must be used to protect passwords in the security database.


Overview

Finding ID Version Rule ID IA Controls Severity
V-65647 ACF0395 SV-80137r2_rule High
Description
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Cryptographic modules must adhere to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
STIG Date
z/OS ACF2 STIG 2016-12-21

Details

Check Text ( C-67759r3_chk )
Refer to the following report produced by the ACF2 Data Collection:

- ACF2CMDS.RPT(ACFGSO)

Automated Analysis
Refer to the following report produced by the ACF2 Data Collection:

- PDI(ACF0395)

If the "GSO PSWD" record option "PSWDENCT" is set to "XDES" or null, this is a finding.

For CA-ACF2 R16 and above:
If the "GSO PSWD" record option "PSWDENCT" is set to "AES2" and option "NOONEPWALG" is specified, this is a finding.


Fix Text (F-73271r2_fix)
Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified below:

Configure the "GSO PSWD" record option "PSWDENCT" to "AES1".

For CA-ACF2 Release16 and above:

Configure "GSO PSWD" record option "PSWDENCT" to "AES1" or "AES2".
Configure the "GSO PSWD" to "ONEPWALG"

NOTE: Use caution when specifying "ONEPWALG". Consult the CA-ACF2 administration guide for converting to "AES1" or "AES2" and using "ONEPWALG".