UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

CL/SuperSession KLVINNAM member must be configured in accordance with security requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-224657 ZCLST042 SV-224657r952264_rule Medium
Description
CL/SuperSession configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications and compromise the confidentiality of customer data.
STIG Date
z/OS CL/SuperSession for TSS Security Technical Implementation Guide 2024-02-19

Details

Check Text ( C-26340r952262_chk )
Version 3 of CL/SuperSession
Review the member KLKINNAF in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Version 2 of CL/SuperSession
Review the member KLVINNAF in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Automated Analysis (Currently there is no automation for version 3 of CL/SuperSession)
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0042)

If one of the following configuration settings is specified for each control point defined in the KLKINNAM member for version 3 of CL/SuperSession or KLVINNAM member for version 2 of CL/SuperSession, this is not a finding.

DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
RACF -
CLASSES=APPCLASS -
NODB -
EXIT=KLSTSNEV

(The following is for z/OS CAC logon processing)
DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
SAF -
CLASSES=APPCLASS -
NODB -
EXIT=KLSNFPTX or KLSTSPTX
Fix Text (F-26328r952263_fix)
Ensure that the parameter options for member KLKINNAM for version 3 of CL/SuperSession or KLVINNAM for version 2 CL/SuperSession are coded to the specifications below.

(Note: The data set identified below is an example of a possible installation. The actual data set is determined when the product is actually installed on a system through the product's installation guide and can be site specific.)

Review the member KLKINNAM or KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following:

DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
RACF -
CLASSES=APPCLASS -
NODB -
EXIT=KLSTSNEV

(The following is for z/OS CAC logon processing)
DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
SAF -
CLASSES=APPCLASS -
NODB -
EXIT=KLSNFPTX or KLSTSPTX