"Micro Focus DSD" is the name that MFDS, the Micro Focus Directory Server, uses to identify itself in HTTP responses. It's not a separate product; it's part of several Micro Focus products, including Visual COBOL, Enterprise Developer, and Enterprise Server.
IIS is only one HTTP server among many. The absence of IIS just means IIS won't be responding to HTTP requests. In this case, it's MFDS that's responding to the requests from ACAS.
I would call the "issue" being reported by ACAS a false positive - in fact, I think it's a meaningless check. Unfortunately most of these web scanning tools are rather poor quality; they flag many things that have little or no security impact, or are outright incorrect.
If you need to have this changed to comply with a requirement, please open an incident and ask your Micro Focus Customer Care representative to raise a problem report so Development can schedule a change. (It's not really accurate to call it a "fix", since the existing behavior isn't broken, except in the mind of whoever added that check to ACAS.)
Thank you for the response. I've followed your advice and opened an incident. If I can't "close this hole", so to speak, then I will perpetually have to describe/explain/defend its existence to the never-ending column of admin-type managers sticking their noses into technical matters.