STIGQter: STIG Summary: z/OS CL/SuperSession for ACF2 STIG Version: 6 Release: 10 Benchmark Date: 27 Apr 2018:

CL/SuperSession KLVINNAM member must be configured in accordance to security requirements.

DISA Rule

SV-27256r4_rule

Vulnerability Number

V-22690

Group Title

ZB000042

Rule Version

ZCLSA042

Severity

CAT II

CCI(s)

• CCI-000035 - The information system provides the capability for privileged administrators to configure the organization-defined security policy filters to support different security policies.

Weight

10

Fix Recommendation

Ensure that the parameter options for member KLVINNAM are coded to the below specifications.

(Note: The data set identified below is an example of a possible installation. The actual data set is determined when the product is actually installed on a system through the product’s installation guide and can be site specific.)

Review the member KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following:

DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) –
NORACF –
CLASSES=APPCLASS –
NODB –
EXIT=KLSA2NEV

(The following is for z/OS CAC logon processing)
DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) –
SAF –
CLASSES=APPCLASS –
NODB –
EXIT=KLSSFPTX

Check Contents

Review the member KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0042)

If one of the following configuration settings is specified, this is not a finding.

DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) –
NORACF –
CLASSES=APPCLASS –
NODB –
EXIT=KLSA2NEV

(The following is for z/OS CAC logon processing)
DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) –
SAF –
CLASSES=APPCLASS –
NODB –
EXIT=KLSSFPTX

Vulnerability Number

V-22690

Documentable

False

Rule Version

ZCLSA042

Severity Override Guidance

Review the member KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0042)

If one of the following configuration settings is specified, this is not a finding.

DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) –
NORACF –
CLASSES=APPCLASS –
NODB –
EXIT=KLSA2NEV

(The following is for z/OS CAC logon processing)
DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) –
SAF –
CLASSES=APPCLASS –
NODB –
EXIT=KLSSFPTX

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1857

Comments