STIGQter: STIG Summary: z/OS CL/SuperSession for TSS STIG Version: 6 Release: 10 Benchmark Date: 27 Apr 2018

CL/SuperSession profile options are set improperly.

DISA Rule

SV-27197r1_rule

Vulnerability Number

V-18014

Group Title

ZB000040

Rule Version

ZCLS0040

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The Systems Programmer and IAO will review all session manager security parameters and control options for compliance with the requirements of the z/OS STIG Addendum Required CL/SuperSession Common Profile Options and Required CL/SuperSession Profile Options Tables. Verify that the options are set properly.

Check Contents

a) The following steps are necessary for reviewing the CL/SuperSession options:

1) Request on-line access from the site administrator to view CL/SuperSession parameter settings.
2) Once access to the CL/SuperSession Main Menu has been obtained, select the option for the ADMINISTRATOR menu.
3) From the ADMINISTRATOR menu, select the option for the PROFILE SELECTION menu.
4) From the PROFILE SELECTION menu, select the View GLOBAL Profile option.
5) After selection of the View GLOBAL Profile option, the Update GLOBAL Profile menu appears. From this menu select the profile to be reviewed:

- To view the Common profile select: _Common
- To view the SUPERSESSION profile select: _SupSess

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0040)

b) Compare the security parameters as specified in the Required CL/SuperSession Common Profile Options and Required CL/SuperSession Profile Options Tables in the z/OS STIG Addendum against the CL/SuperSession Profile options.

c) If all options as specified in the Required CL/SuperSession Common Profile Options and Required CL/SuperSession Profile Options Tables in the z/OS STIG Addendum are in effect, there is NO FINDING.

d) If any of the options as specified in the Required CL/SuperSession Common Profile Options and Required CL/SuperSession Profile Options Tables in the z/OS STIG Addendum is not in effect, this is a FINDING.

Documentable

False

Severity Override Guidance

a) The following steps are necessary for reviewing the CL/SuperSession options:

1) Request on-line access from the site administrator to view CL/SuperSession parameter settings.
2) Once access to the CL/SuperSession Main Menu has been obtained, select the option for the ADMINISTRATOR menu.
3) From the ADMINISTRATOR menu, select the option for the PROFILE SELECTION menu.
4) From the PROFILE SELECTION menu, select the View GLOBAL Profile option.
5) After selection of the View GLOBAL Profile option, the Update GLOBAL Profile menu appears. From this menu select the profile to be reviewed:

- To view the Common profile select: _Common
- To view the SUPERSESSION profile select: _SupSess

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0040)

b) Compare the security parameters as specified in the Required CL/SuperSession Common Profile Options and Required CL/SuperSession Profile Options Tables in the z/OS STIG Addendum against the CL/SuperSession Profile options.

c) If all options as specified in the Required CL/SuperSession Common Profile Options and Required CL/SuperSession Profile Options Tables in the z/OS STIG Addendum are in effect, there is NO FINDING.

d) If any of the options as specified in the Required CL/SuperSession Common Profile Options and Required CL/SuperSession Profile Options Tables in the z/OS STIG Addendum is not in effect, this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1857

Comments