V-223513
SV-223513r958552_rule
CAT II
ACF2 RESVOLS GSO record value must be set to Volmask(-). Any other setting requires documentation justifying the change.
From: IBM z/OS ACF2 Security Technical Implementation Guide (V9R8)
Description
<VulnDiscussion>The RESVOLS record defines DASD and mass storage volumes for which CA ACF2 is to provide protection at the data set name level.
Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system.
This requirement addresses protection of user-generated data, as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
From an ACF command screen, enter:
SET CONTROL(GSO)
LIST RESVOLS
If the GSO RESVOLS record values conform to the following requirements, this is not a finding.
VOLMASK(-)
NOTE: Local changes will be documented in writing with supporting documentation.
If there is any deviation from the above requirements in the GSO RESVOLS record values, this is a finding.
Fix Text
Define the GSO RESVOLS record values to conform to the following requirements.
VOLMASK(-)
Example:
SET C(GSO)
INSERT RESVOLS VOLMASK(-)
F ACF2,REFRESH(SECVOLS)
CCI Reference
CCI-000368,CCI-001199- Created
- 2026-04-07 20:08:19
- Last Updated
- 2026-04-07 20:08:19