DoD releases new z/OS STIG and Product STIGs as used by DoD.

•DoD z/OS STIG Version 8.1 and 8.2 – https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_zOS_Y21M01_STIG.zip

•DoD z/OS Products – CA ACF2 Managed Mainframes – https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_zOS_ACF2_V6R48_Products.zip

•DoD z/OS Products – CA TSS managed Mainframes – https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_zOS_TSS_V6R48_Products.zip

•DoD z/OS Products – IBM RACF managed Mainframes – https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_zOS_RACF_V6R48_Products.zip

z/OS Vendor STIGs for CA Cleanup on z/OS


Broadcom has started to publish their own Vendor Product STIGs for CA Cleanup on z/OS, how to properly secure CA Cleanup using ACF2, Top Secret or RACF on the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.

The Broadcom Vendor CA Cleanup STIGs can be found at:

ACF2 – CA Cleanup STIG: https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-cleanup/12-1/using-ca-cleanup-for-acf2/using-stig-articles-for-ca-cleanup-for-ca-acf2.html

Top Secret – CA Cleanup STIG: https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-cleanup/12-1/using-ca-cleanup-for-top-secret/using-stig-articles-for-ca-cleanup-for-top-secret.html

RACF – CA Cleanup STIG: https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-cleanup/12-1/using-ca-cleanup-for-racf.html

z/OS Vendor Top Secret (TSS) STIG for z/OS

Broadcom has started to publish their own Vendor Product STIG – TSS for z/OS, how to properly utilize TSS to secure the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.

The Broadcom Vendor TSS STIG for z/OS can be found at: https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-top-secret-for-z-os/16-0/using-stig-articles.html

z/OS Vendor ACF2 STIG for z/OS

Broadcom has started to publish their own Vendor Product STIG – ACF2 for z/OS, how to properly utilize ACF2 to secure the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.

The Broadcom Vendor ACF2 STIG for z/OS can be found at: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/security/ca-acf2-for-z-os/16-0/using-stig-articles.html

z/OS Vendor Security Technical Implementation Guides (STIG)

What are Vendor STIGs ? Vendor STIGs are Security Technical Implementation Guides written by the Subject Mater Experts of specific products that run on z/OS Mainframes.

What are “STIGs” ? STIG is an common industry acronym for Security Technical Implementation Guides. STIGs are robust documentation written for products, ensuring products that installed are fully and properly secured with risks and exposures are minimized while allowing users the ability to utilize the product.

As Vendors develop STIGs for their products, we will be posting links here directly to those STIGs or Posting the STIGs for the products within this site.