STIGQter STIGQter: STIG Summary: z/OS CL/SuperSession for ACF2 STIG Version: 6 Release: 10 Benchmark Date: 27 Apr 2018:

CL/SuperSession APPCLASS member is not configured in accordance with the proper security requirements.

DISA Rule

SV-27259r1_rule

Vulnerability Number

V-22691

Group Title

ZB000043

Rule Version

ZCLSA043

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The Systems Programmer and IAO will ensure that the parameter options for member APPCLASS are coded to the below specifications.

Review the member APPCLASS in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following:

VGWAPLST EXTERNAL=APL

Check Contents

a) Review the member APPCLASS in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0043)

b) If the parameters for the member APPCLASS are configured as follows, there is NO FINDING:

VGWAPLST EXTERNAL=APL

c) If the parameters for the member APPCLASS are not configured as specified in (b) above, this is a FINDING.

Vulnerability Number

V-22691

Documentable

False

Rule Version

ZCLSA043

Severity Override Guidance

a) Review the member APPCLASS in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0043)

b) If the parameters for the member APPCLASS are configured as follows, there is NO FINDING:

VGWAPLST EXTERNAL=APL

c) If the parameters for the member APPCLASS are not configured as specified in (b) above, this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1857

Comments