STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021

ACF2 must use NIST FIPS-validated cryptography to protect passwords in the security database.

DISA Rule

SV-223505r695435_rule

Vulnerability Number

V-223505

Group Title

SRG-OS-000073-GPOS-00041

Rule Version

ACF2-ES-000880

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Evaluate the impact associated with implementation of the control option.

Develop a plan of action to implement the control option as specified below:

Configure the "GSO PSWD" record option "PSWDENCT" to "AES1".

For CA-ACF2 Release 16 and above:

Configure "GSO PSWD" record option "PSWDENCT" to "AES1" or "AES2".

Configure the "GSO PSWD" record to specify "ONEPWALG".

Note: If you are using VM Database Synchronization, you cannot use "ONEPWALG". VM does not support the AES algorithms.

Develop a transition plan with a definite completion date for z/VM; file with the ISSM.

If not all systems sharing the logonid or infostorage databases are running with the same "PSWDENCT" value, you cannot use "ONEPWALG".

Develop a transition plan that contains a definite completion date to migrate all logonid and infostorage databases to one “PSWDENCT” value; file with the ISSM.

Consult the CA-ACF2 administration guide for converting to "AES1" or "AES2" and using "ONEPWALG".

Check Contents

From an ACF command screen enter:
SET CONTROL(GSO)
LIST PSWD

If the "GSO PSWD" record option "PSWDENCT" is set to "XDES" or null, this is a finding.

SET MSYSID(-)

LIST PSWD

For CA-ACF2 R16 and above:

If option "NOONEPWALG" is specified, and there is no transition plan with a definite completion date filed with the ISSM, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4100

Comments