CL/SuperSession KLVINNAM member must be configured in accordance to security requirements.

From z/OS CL/SuperSession for ACF2 STIG

Part of ZB000042

Associated with IA controls: ECCD-2, ECCD-1

Associated with: CCI-000035

SV-27256r3_rule CL/SuperSession KLVINNAM member must be configured in accordance to security requirements.

Vulnerability discussion

CL/SuperSession configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, and compromise the confidentiality of customer data.

Check content

Review the member KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZCLS0042) If one of the following configuration settings is specified, this is not a finding. DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) – NORACF – CLASSES=APPCLASS – NODB – EXIT=KLSA2NEV (The following is for z/OS CAC logon processing) DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) – SAF – CLASSES=APPCLASS – NODB – EXIT=KLSSFPTX

Fix text

The Systems Programmer and IAO will ensure that the parameter options for member KLVINNAM are coded to the below specifications. (Note: The data set identified below is an example of a possible installation. The actual data set is determined when the product is actually installed on a system through the product’s installation guide and can be site specific.) Review the member KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following: DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) – NORACF – CLASSES=APPCLASS – NODB – EXIT=KLSA2NEV (The following is for z/OS CAC logon processing) DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) – SAF – CLASSES=APPCLASS – NODB – EXIT=KLSSFPTX

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer