STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:SV-223429r533198_rule
V-223429
SRG-OS-000080-GPOS-00048
ACF2-ES-000080
CAT II
10
Configure ACF2 validation options that apply to jobs submitted through a network job entry subsystem (JES2, JES3, RSCS) as follows:
DFTLID()
INHERIT
NODEMASK(-)
ENCRYPT
VALIN(YES)
NOVALOUT
NOTE: For NJE nodes that are incompatible with the XDES algorithm, discrete NJE records will be created with NOENCRYPT.
NOTE: Local changes will be justified in writing with supporting documentation.
From the ACF input screen enter:
SET CONTROL(GSO)
LIST LIKE(NJE-)
If the GSO NJE record values conform to the following requirements, this is not a finding.
Specifies ACF2 validation options that apply to jobs submitted through a network job entry subsystem (JES2, JES3, RSCS).
DFTLID() INHERIT NODEMASK(-) ENCRYPT VALIN(YES) NOVALOUT
NOTE: For NJE nodes that are incompatible with the XDES algorithm, discrete NJE records will be created with NOENCRYPT.
NOTE: Local changes will be documented in writing with supporting documentation.
V-223429
False
ACF2-ES-000080
From the ACF input screen enter:
SET CONTROL(GSO)
LIST LIKE(NJE-)
If the GSO NJE record values conform to the following requirements, this is not a finding.
Specifies ACF2 validation options that apply to jobs submitted through a network job entry subsystem (JES2, JES3, RSCS).
DFTLID() INHERIT NODEMASK(-) ENCRYPT VALIN(YES) NOVALOUT
NOTE: For NJE nodes that are incompatible with the XDES algorithm, discrete NJE records will be created with NOENCRYPT.
NOTE: Local changes will be documented in writing with supporting documentation.
M
4100