STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

IBM z/OS must employ a session manager to manage session lock after a 15-minute period of inactivity.

DISA Rule

SV-223576r533198_rule

Vulnerability Number

V-223576

Group Title

SRG-OS-000029-GPOS-00010

Rule Version

ACF2-OS-002360

Severity

CAT II

CCI(s)

• CCI-000057 - The information system initiates a session lock after the organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Configure the session manager to initiate a session lock after a 15-minute period of inactivity.

Check Contents

Ask the system administrator for the configuration parameters for the session manager in use.

If there is no session manager in use, this is a finding.

If the session manager is not configured to initiate session lock after a 15-minute period of inactivity this is a finding.

Vulnerability Number

V-223576

Documentable

False

Rule Version

ACF2-OS-002360

Severity Override Guidance

Ask the system administrator for the configuration parameters for the session manager in use.

If there is no session manager in use, this is a finding.

If the session manager is not configured to initiate session lock after a 15-minute period of inactivity this is a finding.

Check Content Reference

M

Target Key

4100

Comments