ACF2 TSO2741 GSO record values must be set to obliterate the logon password on 2741 devices.

Quick Actions

We are continuing to improve Stigviewer and we are planning on rolling out new services in the near future. Would you like to be part of the conversation on what those features should be? If so, click here.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-223511	ACF2-ES-000940	SV-223511r958470_rule		Medium

Description

To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the operating system must not provide any information allowing an unauthorized user to compromise the authentication mechanism.

STIG	Date
IBM z/OS ACF2 Security Technical Implementation Guide	2025-03-11

Details

Check Text (C-25184r695444_chk)

From the ISPF Command Shell enter:
ACF <enter>
SET CONTROL(GSO)
LIST TSO2741

If the GSO TSO2741 record values conform to the following requirements, this is not a finding.

BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()

Fix Text (F-25172r504604_fix)

Define a cross out string used to obliterate the logon password on 2741 devices.

Ensure the GSO TSO2741 record values conform to the following requirements.

BS(16)
LENGTH(8)
M1(X)
M2(N)
M3(Z)
M4(M)
STRING()

Example:
SET C(GSO)
INSERT TSO2741 BS(16) LENGTH(8) M1(X) M2(N) M3(Z) M4(M) STRING()

F ACF2,REFRESH(TSO2741)

STIG VIEWER