IBM z/OS LNKAUTH=APFTAB must be specified in the IEASYSxx member(s) in the currently active parmlib data set(s).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223565 | ACF2-OS-000290 | SV-223565r958478_rule | Medium |
| Description |
| Failure to specify LINKAUTH=APFTAB allows libraries other than those designated as APF to contain authorized modules which could bypass security and violate the integrity of the operating system environment. This expanded authorization list inhibits the ability to control inclusion of these modules. |
| STIG | Date |
| IBM z/OS ACF2 Security Technical Implementation Guide | 2025-03-11 |
Details
| Check Text (C-25238r500830_chk) |
| Refer to IEASYS00 member in SYS1.PARMLIB Concatenation. If LNKAUTH=APFTAB is not specified, this is a finding. |
| Fix Text (F-25226r500831_fix) |
| Configure LNKAUTH=APFTAB in the IEASYS00 member of PARMLIB. |