This check determines if any usage of user key common storage was detected on the system.
Reason for check:
Allowing programs to use user key common creates a security risk because common storage can then be modified by any unauthorized program. This check provides advanced warning of this potential security risk so the system programmer can take appropriate action.
z/OS® releases the check applies to:
z/OS V2R1 and later, in both ESA and z/Architecture® modes.
Parameters accepted:
The following parameters are supported to control WTOs produced by exception messages when a new user key common storage usage attempt is detected:
Exceptions should be issued if there are any user key common storage usage attempts made on this system since the last IPL.
PARM('NEW(text value)')
Exceptions should only be issued for user key common storage usage attempts that are detected after this parameter is set. The 'text value' is free-form and is not used by health check processing. It should contain text to help the user uniquely identify this particular parameter set.
The following are examples of PARM specifications for ZOSMIGV2R3_NEXT_VSM_USERKEYCOMM:
PARM('NEW(yyyy/mm/dd hh:mm)')
User override of IBM values:
The following sample shows the defaults for customizable values for this check. Use this sample to make permanent check customizations in an HZSPRMxx parmlib member used at IBM Health Checker for z/OS startup. If you just want a one-time only update to the check defaults, omit the first line (ADDREPLACE POLICY) and use the UPDATE statement on a MODIFY hzsproc command. Note that using non-POLICY UPDATEs in HZSPRMxx can lead to unexpected results and is therefore not recommended.
    REASON('Your reason for making the update.')
For more information, see section Prepare for the removal of support for user key common areas in .z/OS Upgrade Workflow.
This check issues the following messages:
  • IGVH113I
  • IGVH114E
See the IGVH messages in z/OS MVS System Messages, Vol 9 (IGF-IWM).
SECLABEL recommended for multilevel security users:
SYSLOW - see z/OS Planning for Multilevel Security and the Common Criteria for information on using SECLABELs.