CL/SuperSession profile options are set improperly.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-224649	ZCLS0040	SV-224649r519766_rule		Medium

Description
Product configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, and compromise the confidentiality of customer data.

STIG	Date
z/OS CL/SuperSession for TSS Security Technical Implementation Guide	2022-10-10

Details

Check Text ( C-26332r519764_chk )
a) The following steps are necessary for reviewing the CL/SuperSession options: 1) Request on-line access from the site administrator to view CL/SuperSession parameter settings. 2) Once access to the CL/SuperSession Main Menu has been obtained, select the option for the ADMINISTRATOR menu. 3) From the ADMINISTRATOR menu, select the option for the PROFILE SELECTION menu. 4) From the PROFILE SELECTION menu, select the View GLOBAL Profile option. 5) After selection of the View GLOBAL Profile option, the Update GLOBAL Profile menu appears. From this menu select the profile to be reviewed: - To view the Common profile select: _Common - To view the SUPERSESSION profile select: _SupSess Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZCLS0040) b) Compare the security parameters as specified in the Required CL/SuperSession Common Profile Options and Required CL/Superssion Profile Options Tables in the z/OS STIG Addendum against the CL/SuperSession Profile options. c) If all options as specified in the Required CL/SuperSession Common Profile Options and Required CL/Superssion Profile Options Tables in the z/OS STIG Addendum are in effect, there is NO FINDING. d) If any of the options as specified in the Required CL/SuperSession Common Profile Options and Required CL/Superssion Profile Options Tables in the z/OS STIG Addendum is not in effect, this is a FINDING.

Check Text ( C-26332r519764_chk )

a) The following steps are necessary for reviewing the CL/SuperSession options:

1) Request on-line access from the site administrator to view CL/SuperSession parameter settings.
2) Once access to the CL/SuperSession Main Menu has been obtained, select the option for the ADMINISTRATOR menu.
3) From the ADMINISTRATOR menu, select the option for the PROFILE SELECTION menu.
4) From the PROFILE SELECTION menu, select the View GLOBAL Profile option.
5) After selection of the View GLOBAL Profile option, the Update GLOBAL Profile menu appears. From this menu select the profile to be reviewed:

- To view the Common profile select: _Common
- To view the SUPERSESSION profile select: _SupSess

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0040)

b) Compare the security parameters as specified in the Required CL/SuperSession Common Profile Options and Required CL/Superssion Profile Options Tables in the z/OS STIG Addendum against the CL/SuperSession Profile options.

c) If all options as specified in the Required CL/SuperSession Common Profile Options and Required CL/Superssion Profile Options Tables in the z/OS STIG Addendum are in effect, there is NO FINDING.

d) If any of the options as specified in the Required CL/SuperSession Common Profile Options and Required CL/Superssion Profile Options Tables in the z/OS STIG Addendum is not in effect, this is a FINDING.

Fix Text (F-26320r519765_fix)
The Systems Programmer and IAO will review all session manager security parameters and control options for compliance with the requirements of the z/OS STIG Addendum Required CL/SuperSession Common Profile Options and Required CL/SuperSession Profile Options Tables. Verify that the options are set properly.