DISA releases out-of-cycle IBM z/OS STIG and Products updates

The Defense Information Systems Agency has released the following out-of-cycle Security Technical Implementation Guide (STIG) updates, which become effective immediately upon release:



zOS ACF2 Products STIG – Ver 6, Rel 55

zOS RACF Products STIG – Ver 6, Rel 55

zOS TSS Products STIG – Ver 6, Rel 55


The updates were made to correct non-ASCII characters in the STIGs. Please note that some RuleIDs in the STIGs are updated due to changes within DISA’s content management system. Despite the RuleID change, content did not change unless specified in the Revision History file.


Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the files from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The files are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.


Users who are unable to find and download the files can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.