z/OS CL/SuperSession for RACF STIG Version Comparison

There are 3 differences between versions v6 r11 (July 23, 2021) (the "left" version) and v6 r13 (April 24, 2024) (the "right" version).

Check ZCLS0041 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

CL/SuperSession is not must be properly configured to generate SMF records for audit trail and accounting reports.

Check Content

a) Review a) Version 3 of CL/SuperSession Review the member KLKINNAF in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure to determine SMF number. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Version 2 of CL/SuperSession Review the member KLVINNAF in the TLVPARM DD statement concatenation of the CL/Supersession CL/SuperSession STC procedure. procedure to determine SMF number. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Refer to the following report produced by the z/OS Data Collection: - Collection: - EXAM.RPT(SMFOPTS) Automated EXAM.RPT(SMFOPTS) Automated Analysis Refer Analysis (Currently there is no automation for version 3 of CL/SuperSession) Refer to the following report produced by the z/OS Data Collection: - PDI(ZCLS0041) b) If Collection: - PDI(ZCLS0041) b) If the SMF= field specifies an SMF record number, review the SMFOPTS report to verify SMF is writing that record type. c) If type. c) If SMF is writing the record number specified by SMF=, there is NO FINDING. d) If no finding. d) If the SMF= field does not specify an SMF record number, or SMF is not writing the record number specified by SMF=, this is a FINDING. finding.

Discussion

Product configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, applications and compromise the confidentiality of customer data.

Fix

The Systems Programmer and IAO will review all session manager security parameters and control options for compliance. To ensure Ensure that the Session Manager generates SMF records for audit trail and accounting reports. To provide an audit trail of user activity in CL/SuperSession, configure the Network Accounting Facility (NAF) to require SMF recording of accounting and audit data. Accounting to the journal data set is optional at the discretion of the site. To accomplish this, this for version 3 of CL/Supersession, configure the following NAF startup parameters in the KLVINNAF KLKINNAF member of the RLSPARM initialization parameter library as follows: DSNAME= dsname Name dsname - Name of the NAF journal data set. Required only if the site is collecting accounting and audit data in the journal data set in addition to the SMF data. MOD If data. MOD - If the journal data set is used, this parameter should be set to ensure that logging data in the data set is not overwritten. SMF=nnn SMF overwritten. SMF=nnn - SMF record number. This field is mandatory to ensure that CL/SuperSession data is always written to the SMF files.