Duplicated IBM z/OS sensitive utilities and/or programs must not exist in APF libraries.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-223566	SRG-OS-000095-GPOS-00049	ACF2-OS-000310	SV-223566r958478_rule	2025-03-11	9

Description
Removal of unneeded or non-secure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or non-secure.

Description

Removal of unneeded or non-secure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or non-secure.

ℹ️ Check
From an ISPF Command line enter: TSO ISRDDN APF An APF List results On the command line enter: DUPlicates (make sure there is appropriate access, if not you may receive insufficient access errors) If any of the list of Sensitive Utilities exist in the duplicate APF modules return, this is a finding. The following list contains Sensitive Utilities that will be checked. AHLGTF AMASPZAP AMAZAP AMDIOCP AMZIOCP BLSROPTR CSQJU003 CSQJU004 CSQUCVX CSQUTIL CSQ1LOGP DEBE DITTO FDRZAPOP GIMSMP HHLGTF ICKDSF ICPIOCP IDCSC01 IEHINITT IFASMFDP IGWSPZAP IHLGTF IMASPZAP IND$FILE IOPIOCP IXPIOCP IYPIOCP IZPIOCP WHOIS L052INIT TMSCOPY TMSFORMT TMSLBLPR TMSMULV TMSREMOV TMSTPNIT TMSUDSNB

ℹ️ Check

From an ISPF Command line enter: TSO ISRDDN APF An APF List results On the command line enter: DUPlicates (make sure there is appropriate access, if not you may receive insufficient access errors) If any of the list of Sensitive Utilities exist in the duplicate APF modules return, this is a finding. The following list contains Sensitive Utilities that will be checked. AHLGTF AMASPZAP AMAZAP AMDIOCP AMZIOCP BLSROPTR CSQJU003 CSQJU004 CSQUCVX CSQUTIL CSQ1LOGP DEBE DITTO FDRZAPOP GIMSMP HHLGTF ICKDSF ICPIOCP IDCSC01 IEHINITT IFASMFDP IGWSPZAP IHLGTF IMASPZAP IND$FILE IOPIOCP IXPIOCP IYPIOCP IZPIOCP WHOIS L052INIT TMSCOPY TMSFORMT TMSLBLPR TMSMULV TMSREMOV TMSTPNIT TMSUDSNB

✔️ Fix
Review and ensure that duplicate sensitive utility(ies) and/or program(s) do not exist in APF-authorized libraries. Identify all versions of the sensitive utilities contained in APF-authorized libraries listed in the above check. In cases where duplicates exist, ensure no exposure has been created and written justification has been filed with the ISSO. Comparisons among all the APF libraries will be done to ensure that an exposure is not created by the existence of identically named modules. Address any sensitive utility concerns so that the function can be restricted as required.

✔️ Fix

Review and ensure that duplicate sensitive utility(ies) and/or program(s) do not exist in APF-authorized libraries. Identify all versions of the sensitive utilities contained in APF-authorized libraries listed in the above check. In cases where duplicates exist, ensure no exposure has been created and written justification has been filed with the ISSO. Comparisons among all the APF libraries will be done to ensure that an exposure is not created by the existence of identically named modules. Address any sensitive utility concerns so that the function can be restricted as required.