STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

IBM z/OS TCPIP.DATA configuration statement must contain the DOMAINORIGIN or DOMAIN specified for each TCP/IP defined.

DISA Rule

SV-223607r533198_rule

Vulnerability Number

V-223607

Group Title

SRG-OS-000402-GPOS-00181

Rule Version

ACF2-TC-000090

Severity

CAT II

CCI(s)

• CCI-002468 - The information system performs data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.

Weight

10

Fix Recommendation

Configure the TCPIP.DATA file to include the following:

DOMAINORIGIN/DOMAIN - Specifies the default domain name used for DNS searches.

Check Contents

Refer to the Data configuration file specified on the SYSTCPD DD statement in the TCPIP started task JCL.

If the configuration statements are specified in the TCP/IP Data configuration file guidance is true, this is not a finding.

DOMAINORIGIN/DOMAIN (The DOMAIN statement is functionally equivalent to the DOMAINORIGIN Statement)

Vulnerability Number

V-223607

Documentable

False

Rule Version

ACF2-TC-000090

Severity Override Guidance

Refer to the Data configuration file specified on the SYSTCPD DD statement in the TCPIP started task JCL.

If the configuration statements are specified in the TCP/IP Data configuration file guidance is true, this is not a finding.

DOMAINORIGIN/DOMAIN (The DOMAIN statement is functionally equivalent to the DOMAINORIGIN Statement)

Check Content Reference

M

Target Key

4100

Comments