STIGQter: STIG Summary: z/OS CL/SuperSession for ACF2 STIG Version: 6 Release: 10 Benchmark Date: 27 Apr 2018:

CL/SuperSession APPCLASS member is not configured in accordance with the proper security requirements.

DISA Rule

SV-27259r1_rule

Vulnerability Number

V-22691

Group Title

ZB000043

Rule Version

ZCLSA043

Severity

CAT II

CCI(s)

CCI-000035 - The information system provides the capability for privileged administrators to configure the organization-defined security policy filters to support different security policies.

Weight

Fix Recommendation

The Systems Programmer and IAO will ensure that the parameter options for member APPCLASS are coded to the below specifications.

Review the member APPCLASS in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following:

VGWAPLST EXTERNAL=APL

Check Contents

a) Review the member APPCLASS in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0043)

b) If the parameters for the member APPCLASS are configured as follows, there is NO FINDING:

VGWAPLST EXTERNAL=APL

c) If the parameters for the member APPCLASS are not configured as specified in (b) above, this is a FINDING.

CL/SuperSession APPCLASS member is not configured in accordance with the proper security requirements.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments