IBM Support

OA50398: PCI-DSS RULE 8.1.1 REPORTS EXEMPT FOR UID0 WHICH DOES NOT MATCH TEST DESCRIPTION

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • PCI-DSS rule 8.1.1 reports on UID0 as non-compliant and exempt.
    The test description states:
    "Every non-zero UNIX ID must be unique."
    so reporting objects for UID0 as non-compliant and exempt is
    not logical as UID0 should be excluded from the test.
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit exploiting the        *
    *                 PCI-DSS compliance rule 8.1.1.               *
    ****************************************************************
    * PROBLEM DESCRIPTION: The zSecure Audit PCI-DSS compliance    *
    *                      rule 8.1.1 reports super-users (users   *
    *                      with UID 0) as non-compliant.           *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    The PCI-DSS compliance rule 8.1.1 (Verify that all users are
    assigned a unique id for access to system components or
    cardholder data) reports users with UID 0 (super-users) as
    non-compliant.
    

Problem conclusion

  • zSecure Audit has been modified so that the PCI-DSS compliance
    rule does not take users with UID 0 into account.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA50398

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    220

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-04-25

  • Closed date

    2016-05-30

  • Last modified date

    2016-06-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA81837

Modules/Macros

  •    CKAPC811
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R220 PSY UA81837

       UP16/06/01 P F605

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"220","Edition":""}]

Document Information

Modified date:
02 June 2016