Check: ZCLST038
z/OS CL/SuperSession for TSS STIG:
ZCLST038
(in versions v6 r12 through v6 r8)
Title
CL/SuperSession's Resouce Class is not defined or active in the ACP. (Cat II impact)
Discussion
Failure to use a robust ACP to control a product could potentially compromise the integrity and availability of the MVS operating system and user data.
Check Content
a) Refer to the following report produced by the TSS Data Collection: - TSSCMDS.RPT(#RDT) b) If the resource class of KLS is defined, there is NO FINDING. c) If the resource class of KLS is not defined, this is a FINDING.
Fix Text
Add the resource KLS to the TOP SECRET RDT using the following TSS command example: TSS ADD(RDT) RESCLASS(KLS) RESCODE(xx) (where xx is an unused hex value)
Additional Identifiers
Rule ID: SV-224656r855143_rule
Vulnerability ID: V-224656
Group Title: SRG-OS-000309
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000336 |
The organization, after the information system is changed, checks the security functions to verify the functions are operating as intended. |
CCI-002358 |
The information system implements a reference monitor for organization-defined access control policies that is always invoked. |