Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
XFACILIT class, or alternate class if specified in module CKRSITE, must be active.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-259738 | ZSEC-00-000260 | SV-259738r943248_rule | Medium |
| Description |
|---|
| The zSecure resource class that is configured for the zSecure access checks must be active to receive valid Allow/Deny responses from external security manager (ESM) resource checks. Activation is outside of zSecure, in the ESM. |
| STIG | Date |
|---|---|
| IBM zSecure Suite Security Technical Implementation Guide | 2024-01-18 |
Details
| Check Text ( C-63477r943246_chk ) |
|---|
| Run the CARLa command SHOW CKRSITE. The output of this command reveals which resource class is configured for handling the zSecure security checks. The default resource class is XFACILIT. Verify in the class descriptor table that the configured zSecure resource class is active. If the configured zSecure resource class is not active, this is a finding. |
| Fix Text (F-63384r943247_fix) |
|---|
| Ensure the resource class that is configured in CKRSITE for zSecure security checks is active in the RACF class descriptor table. The default class is XFACILIT. IBM Security zSecure recommends the generic be activated. Following is a sample command: SETROPTS CLASSACT(XFACILIT) or SETROPTS CLASSACT( |