z/OS Mainframe STIGs - Mainframe STIG

October 25, 2023October 25, 2023

z/OS STIGS – Security Technical Implementation Guides by DISA V8 – current releases as of 25 October 2023

Always review the Revision History document to see what was changed within the DoD STIG. Important to note:

The mainframe software vendor, Broadcom, has been creating their own updated STIG Articles for ACF2, Top Secret (TSS) and many other solutions such as IDMS, Sysview, CA1, Endevor and others.

Mainframe software vendors are the subject mater experts of their solutions, while DISA produces the DoD STIG, DISA’s knowledge is limited and may not be accurate within their STIG articles. Example: Within ACF2, NON-CNCL attribute allows a user to bypass all security controls, DISA’s STIG article (ACF2-ES-000640) rates the ability to bypass security and compromise the system via NON-CNCL as a “severity: CAT II” and the vendor Broadcom has NON-CNCL within ACF2 properly identified as a severity 1 – High.

U_IBM_zOS_TSS_STIG_V8R13-Mainframe-zOS-STIG Download

U_IBM_zOS_ACF2_STIG_V8R13-Mainframe-zOS-STIG Download

U_IBM_zOS_RACF_STIG_V8R12_-Mainframe-zOS-STIG Download

U_IBM_zOS_Overview Download

U_IBM_zOS_Revision_History Download

February 8, 2023February 22, 2023

IBM z System Security Benchmarks

IBM submitted some z System Mainframe Cybersecurity Benchmarks to the CIS organization.

CIS has published those Mainframe Cybersecurity standards at: https://www.cisecurity.org/benchmark/ibm_z

Or you can download here: CIS_IBM_z_OS_V2R5_with_RACF_Benchmark_v1.0.0

June 2, 2022June 2, 2022

z/OS STIGS – Security Technical Implementation Guides by DISA V8R7

U_IBM_zOS_RACF_STIG_V8R7 Download

U_IBM_zOS_ACF2_STIG_V8R6 Download

U_IBM_zOS_TSS_STIG_V8R6_Manual Download

U_IBM_zOS_Overview Download

U_IBM_zOS_Revision_History Download

U_zOS_V6R52_STIG_Addendum Download

March 3, 2022March 3, 2022

z/OS Vendor CA Endevor STIG for ACF2, RACF and Top Secret (TSS)

Broadcom has published their own Vendor Product STIG for CA Endevor for z/OS, how to properly secure Endevor using ACF2, RACF or TSS on the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.

The Broadcom Vendor Endevor STIG using ACF2, RACF OR TSS on z/OS can be found at: https://techdocs.broadcom.com/us/en/ca-mainframe-software/devops/ca-endevor-software-change-manager/18-1/using-stig-articles.html

March 2, 2022June 2, 2022

z/OS Vendor Common Components and Services or CCS STIG for ACF2, RACF and Top Secret (TSS)

Broadcom has published their own Vendor Product STIG for CA Common Components and Services or CCS for z/OS, how to properly secure CCS using ACF2, RACF or TSS on the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.

The Broadcom Vendor CCS STIG using ACF2, RACF OR TSS on z/OS can be found at: https://techdocs.broadcom.com/us/en/ca-mainframe-software/traditional-management/ca-common-services-for-z-os/15-0/using-stig-articles.html

February 28, 2022March 2, 2022

z/OS Vendor OPS/MVS STIG for ACF2, RACF and Top Secret (TSS)

Broadcom has published their own Vendor Product STIG for CA OPS/MVS for z/OS, how to properly secure OPS/MVS using ACF2, RACF or TSS on the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.

The Broadcom Vendor OPS/MVS STIG using ACF2, RACF OR TSS on z/OS can be found at: https://techdocs.broadcom.com/us/en/ca-mainframe-software/automation/ca-ops-mvs-event-management-and-automation/14-0/using-stig-articles.html

September 1, 2021September 1, 2021