z/OS CL/SuperSession for TSS STIG Version Comparison

z/OS CL/SuperSession for TSS Security Technical Implementation Guide

Comparison

There are 1 differences between versions v6 r9 (July 28, 2017) (the "left" version) and v6 r11 (July 23, 2021) (the "right" version).

Check ZCLST042 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

CL/SuperSession KLVINNAM member must be configured in accordance to security requirements.

Check Content

Review the member KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZCLS0042) If Collection: - PDI(ZCLS0042) If one of the following configuration settings is specified, specified for each control point defined in the KLVINNAM member, this is not a finding. DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) – RACF – RACF – CLASSES=APPCLASS – CLASSES=APPCLASS – NODB – NODB – EXIT=KLSTSNEV (The – EXIT=KLSTSNEV (The following is for z/OS CAC logon processing) DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) – SAF – SAF – CLASSES=APPCLASS – CLASSES=APPCLASS – NODB – NODB – EXIT=KLSNFPTX – EXIT=KLSNFPTX or KLSTSPTX

Discussion

CL/SuperSession configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, and compromise the confidentiality of customer data.

Fix

The Systems Programmer and IAO will ensure Ensure that the parameter options for member KLVINNAM are coded to the below specifications. (Note: The data set identified below is an example of a possible installation. The actual data set is determined when the product is actually installed on a system through the product’s installation guide and can be site specific.) Review the member KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following: DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) – RACF RACF – CLASSES=APPCLASS CLASSES=APPCLASS – NODB NODB – EXIT=KLSTSNEV (The EXIT=KLSTSNEV (The following is for z/OS CAC logon processing) DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) – SAF SAF – CLASSES=APPCLASS CLASSES=APPCLASS – NODB NODB – EXIT=KLSNFPTX EXIT=KLSNFPTX or KLSTSPTX