STIGQter STIGQter: STIG Summary: z/OS CL/SuperSession for RACF STIG Version: 6 Release: 10 Benchmark Date: 27 Apr 2018:

CL/SuperSession APPCLASS member is not configured in accordance with the proper security requirements.

DISA Rule

SV-27260r1_rule

Vulnerability Number

V-22691

Group Title

ZB000043

Rule Version

ZCLSR043

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The Systems Programmer and IAO will ensure that the parameter options for member APPCLASS are coded to the below specifications.

Review the member APPCLASS in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following:

VGWAPLST EXTERNAL=APPL

Check Contents

a) Review the member APPCLASS in the TLVPARM DD statement concatenation of the CL/Supersession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0043)

b) If the parameters for the member APPCLASS are configured as follows, there is NO FINDING:

VGWAPLST EXTERNAL=APPL

c) If the parameters for the member APPCLASS are not configured as specified in (b) above, this is a FINDING.

Vulnerability Number

V-22691

Documentable

False

Rule Version

ZCLSR043

Severity Override Guidance

a) Review the member APPCLASS in the TLVPARM DD statement concatenation of the CL/Supersession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0043)

b) If the parameters for the member APPCLASS are configured as follows, there is NO FINDING:

VGWAPLST EXTERNAL=APPL

c) If the parameters for the member APPCLASS are not configured as specified in (b) above, this is a FINDING.

Check Content Reference

M

Target Key

1857

Comments