The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 for full disk encryption.
DISA Rule
SV-223569r533198_rule
Vulnerability Number
V-223569
Group Title
SRG-OS-000185-GPOS-00079
Rule Version
ACF2-OS-000340
Severity
CAT II
CCI(s)
- CCI-001199 - The information system protects the confidentiality and/or integrity of organization-defined information at rest.
- CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
- CCI-002475 - The information system implements cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest on organization-defined information system components.
- CCI-002476 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
Weight
10
Fix Recommendation
Employ IBM's DS8880 hardware to ensure full disk encryption.
Check Contents
Determine if IBM's DS880 Disks are in use.
If they are not in use for systems that require data at rest, this is a finding.
Vulnerability Number
V-223569
Documentable
False
Rule Version
ACF2-OS-000340
Severity Override Guidance
Determine if IBM's DS880 Disks are in use.
If they are not in use for systems that require data at rest, this is a finding.
Check Content Reference
M
Target Key
4100
Comments
STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021: