z/OS STIGS – Security Technical Implementation Guides by DISA V8 – current releases as of 25 October 2023

Always review the Revision History document to see what was changed within the DoD STIG. Important to note:

The mainframe software vendor, Broadcom, has been creating their own updated STIG Articles for ACF2, Top Secret (TSS) and many other solutions such as IDMS, Sysview, CA1, Endevor and others.

Mainframe software vendors are the subject mater experts of their solutions, while DISA produces the DoD STIG, DISA’s knowledge is limited and may not be accurate within their STIG articles. Example: Within ACF2, NON-CNCL attribute allows a user to bypass all security controls, DISA’s STIG article (ACF2-ES-000640) rates the ability to bypass security and compromise the system via NON-CNCL as a “severity: CAT II” and the vendor Broadcom has NON-CNCL within ACF2 properly identified as a severity 1 – High.

Broadcom continues to publish STIG articles for standard z/OS Mainframe Cybersecurity controls

Check here for the latest STIG Articles on Top Secret (TSS) z/OS Mainframe standard Cybersecurity controls: https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-top-secret-for-z-os/16-0.html

Check here for the latest STIG Articles for ACF2 z/OS Mainframe standard Cybersecurity controls:

https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-acf2-for-z-os/16-0/using-stig-articles.html

z/OS Vendor CA Endevor STIG for ACF2, RACF and Top Secret (TSS)

Broadcom has published their own Vendor Product STIG for CA Endevor for z/OS, how to properly secure Endevor using ACF2, RACF or TSS on the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.

The Broadcom Vendor Endevor STIG using ACF2, RACF OR TSS on z/OS can be found at: https://techdocs.broadcom.com/us/en/ca-mainframe-software/devops/ca-endevor-software-change-manager/18-1/using-stig-articles.html

z/OS Vendor Common Components and Services or CCS STIG for ACF2, RACF and Top Secret (TSS)


Broadcom has published their own Vendor Product STIG for CA Common Components and Services or CCS for z/OS, how to properly secure CCS using ACF2, RACF or TSS on the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.

The Broadcom Vendor CCS STIG using ACF2, RACF OR TSS on z/OS can be found at: https://techdocs.broadcom.com/us/en/ca-mainframe-software/traditional-management/ca-common-services-for-z-os/15-0/using-stig-articles.html

z/OS Vendor OPS/MVS STIG for ACF2, RACF and Top Secret (TSS)

Broadcom has published their own Vendor Product STIG for CA OPS/MVS for z/OS, how to properly secure OPS/MVS using ACF2, RACF or TSS on the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.

The Broadcom Vendor OPS/MVS STIG using ACF2, RACF OR TSS on z/OS can be found at: https://techdocs.broadcom.com/us/en/ca-mainframe-software/automation/ca-ops-mvs-event-management-and-automation/14-0/using-stig-articles.html

z/OS Vendor SYSVIEW STIG for RACF

Broadcom has started to publish their own Vendor Product STIG for CA SYSVIEW for z/OS, how to properly secure SYSVIEW using RACF on the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.

The Broadcom Vendor SYSVIEW STIG using RACF on z/OS can be found at:

https://techdocs.broadcom.com/us/en/ca-mainframe-software/performance-and-storage/ca-sysview-performance-management/16-0/using-stig-articles.html