CL/SuperSession KLVINNAM member must be configured in accordance with security requirements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-224657	ZCLST042	SV-224657r952264_rule		Medium

Description
CL/SuperSession configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications and compromise the confidentiality of customer data.

STIG	Date
z/OS CL/SuperSession for TSS Security Technical Implementation Guide	2024-02-19

Details

Check Text ( C-26340r952262_chk )
Version 3 of CL/SuperSession Review the member KLKINNAF in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Version 2 of CL/SuperSession Review the member KLVINNAF in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Automated Analysis (Currently there is no automation for version 3 of CL/SuperSession) Refer to the following report produced by the z/OS Data Collection: - PDI(ZCLS0042) If one of the following configuration settings is specified for each control point defined in the KLKINNAM member for version 3 of CL/SuperSession or KLVINNAM member for version 2 of CL/SuperSession, this is not a finding. DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) - RACF - CLASSES=APPCLASS - NODB - EXIT=KLSTSNEV (The following is for z/OS CAC logon processing) DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) - SAF - CLASSES=APPCLASS - NODB - EXIT=KLSNFPTX or KLSTSPTX

Check Text ( C-26340r952262_chk )

Version 3 of CL/SuperSession
Review the member KLKINNAF in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Version 2 of CL/SuperSession
Review the member KLVINNAF in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Automated Analysis (Currently there is no automation for version 3 of CL/SuperSession)
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0042)

If one of the following configuration settings is specified for each control point defined in the KLKINNAM member for version 3 of CL/SuperSession or KLVINNAM member for version 2 of CL/SuperSession, this is not a finding.

DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
RACF -
CLASSES=APPCLASS -
NODB -
EXIT=KLSTSNEV

(The following is for z/OS CAC logon processing)
DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
SAF -
CLASSES=APPCLASS -
NODB -
EXIT=KLSNFPTX or KLSTSPTX

Fix Text (F-26328r952263_fix)
Ensure that the parameter options for member KLKINNAM for version 3 of CL/SuperSession or KLVINNAM for version 2 CL/SuperSession are coded to the specifications below. (Note: The data set identified below is an example of a possible installation. The actual data set is determined when the product is actually installed on a system through the product's installation guide and can be site specific.) Review the member KLKINNAM or KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following: DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) - RACF - CLASSES=APPCLASS - NODB - EXIT=KLSTSNEV (The following is for z/OS CAC logon processing) DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) - SAF - CLASSES=APPCLASS - NODB - EXIT=KLSNFPTX or KLSTSPTX

Fix Text (F-26328r952263_fix)

Ensure that the parameter options for member KLKINNAM for version 3 of CL/SuperSession or KLVINNAM for version 2 CL/SuperSession are coded to the specifications below.

(Note: The data set identified below is an example of a possible installation. The actual data set is determined when the product is actually installed on a system through the product's installation guide and can be site specific.)

Review the member KLKINNAM or KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following:

DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
RACF -
CLASSES=APPCLASS -
NODB -
EXIT=KLSTSNEV

(The following is for z/OS CAC logon processing)
DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
SAF -
CLASSES=APPCLASS -
NODB -
EXIT=KLSNFPTX or KLSTSPTX