STIGQter: STIG Summary: z/OS CL/SuperSession for RACF STIG Version: 6 Release: 10 Benchmark Date: 27 Apr 2018:

CL/SuperSessions Resouce Class will be defined or active in the ACP.

DISA Rule

SV-27189r2_rule

Vulnerability Number

V-18011

Group Title

ZB000038

Rule Version

ZCLSR038

Severity

CAT II

CCI(s)

• CCI-000336 - The organization, after the information system is changed, checks the security functions to verify the functions are operating as intended.
• CCI-002358 - The information system implements a reference monitor for organization-defined access control policies that is always invoked.

Weight

10

Fix Recommendation

The IAO will ensure that the CL/SuperSession Resource Class(es) is (are) active. The SYS3.OMEGAMON.qualifier.RLSPARM(KLVINNAM) member contains a "CLASSES=" entry, this entry identifies the member that contains the "VGWAPLST EXTERNAL=" entry. The "VGWAPLST EXTERNAL=" entry identifies the resource class that is used by CL/SuperSession and this resource class will be active. Current guidance identifies that APPL is the resource class identified in the above location.

Use the following commands as an example:

SETROPTS CLASSACT(APPL)

Check Contents

Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(SETROPTS)

Automated Analysis
Refer to the following report produced by the RACF Data Collection:

- PDI(ZCLSR038)

If the CL/SuperSession resource class(es) is (are) active, this is not a finding.

Vulnerability Number

V-18011

Documentable

False

Rule Version

ZCLSR038

Severity Override Guidance

Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(SETROPTS)

Automated Analysis
Refer to the following report produced by the RACF Data Collection:

- PDI(ZCLSR038)

If the CL/SuperSession resource class(es) is (are) active, this is not a finding.

Check Content Reference

M

Responsibility

Information Assurance Manager

Target Key

1857

Comments