Check: ZCLSR043
z/OS CL/SuperSession for RACF STIG:
ZCLSR043
(in versions v6 r12 through v6 r8)
Title
CL/SuperSession APPCLASS member is not configured in accordance with the proper security requirements. (Cat II impact)
Discussion
Product configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, and compromise the confidentiality of customer data.
Check Content
a) Review the member APPCLASS in the TLVPARM DD statement concatenation of the CL/Supersession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZCLS0043) b) If the parameters for the member APPCLASS are configured as follows, there is NO FINDING: VGWAPLST EXTERNAL=APPL c) If the parameters for the member APPCLASS are not configured as specified in (b) above, this is a FINDING.
Fix Text
The Systems Programmer and IAO will ensure that the parameter options for member APPCLASS are coded to the below specifications. Review the member APPCLASS in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following: VGWAPLST EXTERNAL=APPL
Additional Identifiers
Rule ID: SV-224469r519763_rule
Vulnerability ID: V-224469
Group Title: SRG-OS-000018
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000035 |
The information system provides the capability for privileged administrators to configure the organization-defined security policy filters to support different security policies. |
Controls
Number | Title |
---|---|
AC-4 (11) |
Configuration Of Security Policy Filters |