Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-224657 | ZCLST042 | SV-224657r952264_rule | Medium |
Description |
---|
CL/SuperSession configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications and compromise the confidentiality of customer data. |
STIG | Date |
---|---|
z/OS CL/SuperSession for TSS Security Technical Implementation Guide | 2024-02-19 |
Check Text ( C-26340r952262_chk ) |
---|
Version 3 of CL/SuperSession Review the member KLKINNAF in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Version 2 of CL/SuperSession Review the member KLVINNAF in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Automated Analysis (Currently there is no automation for version 3 of CL/SuperSession) Refer to the following report produced by the z/OS Data Collection: - PDI(ZCLS0042) If one of the following configuration settings is specified for each control point defined in the KLKINNAM member for version 3 of CL/SuperSession or KLVINNAM member for version 2 of CL/SuperSession, this is not a finding. DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) - RACF - CLASSES=APPCLASS - NODB - EXIT=KLSTSNEV (The following is for z/OS CAC logon processing) DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) - SAF - CLASSES=APPCLASS - NODB - EXIT=KLSNFPTX or KLSTSPTX |
Fix Text (F-26328r952263_fix) |
---|
Ensure that the parameter options for member KLKINNAM for version 3 of CL/SuperSession or KLVINNAM for version 2 CL/SuperSession are coded to the specifications below. (Note: The data set identified below is an example of a possible installation. The actual data set is determined when the product is actually installed on a system through the product's installation guide and can be site specific.) Review the member KLKINNAM or KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following: DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) - RACF - CLASSES=APPCLASS - NODB - EXIT=KLSTSNEV (The following is for z/OS CAC logon processing) DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) - SAF - CLASSES=APPCLASS - NODB - EXIT=KLSNFPTX or KLSTSPTX |