STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

IBM z/OS Policy Agent must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.

DISA Rule

SV-223560r533198_rule

Vulnerability Number

V-223560

Group Title

SRG-OS-000480-GPOS-00232

Rule Version

ACF2-OS-000240

Severity

CAT II

CCI(s)

• CCI-002080 - The organization employs either an allow-all, deny-by-exception or a deny-all, permit-by-exception policy for allowing organization-defined information systems to connect to external information systems.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Develop a policy application and policy agent to employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.

Check Contents

Examine the Policy Agent policy statements.

If it can be determined that the policy agent employs a deny-all, allow-by exception firewall policy for allowing connections to other systems, this is not a finding.

Vulnerability Number

V-223560

Documentable

False

Rule Version

ACF2-OS-000240

Severity Override Guidance

Examine the Policy Agent policy statements.

If it can be determined that the policy agent employs a deny-all, allow-by exception firewall policy for allowing connections to other systems, this is not a finding.

Check Content Reference

M

Target Key

4100

Comments