ACF2 APPLDEF GSO record if used must have supporting documentation indicating the reason it was used.

Quick Actions

We are continuing to improve Stigviewer and we are planning on rolling out new services in the near future. Would you like to be part of the conversation on what those features should be? If so, click here.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-223488	ACF2-ES-000700	SV-223488r991589_rule		Low

Description

Failure to restrict network connectivity only to authorized systems permits inbound connections from malicious systems. It also permits outbound connections that may facilitate exfiltration of DoD data.

STIG	Date
IBM z/OS ACF2 Security Technical Implementation Guide	2025-03-11

Details

Check Text (C-25161r504570_chk)

From the ACF Command screen enter:
SET CONTROL(GSO)
LIST LIKE(APPLDEF-)

If the GSO APPLDEF record does not exist, this is not a finding.

If the GSO APPLDEF record does exist and no supporting documentation is available, this is a finding.

Fix Text (F-25149r504571_fix)

For any APPLDEF GSO record used, it must have supporting documentation indicating the reason it was used.

The APPLDEF record is optional.

STIG VIEWER