IBM Support

OA52022: DETERMINATION OF SENSITIVE RESOURCES FOR QSG-LEVEL SECURITY ON MQ IS INCORRECT

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When Queue Sharing Group level security is used for MQ, the
    determination of sensitive resources is incorrect. This can
    lead to incorrect non-compliant reporting for STIG rule set
    ZWMQ0059.
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit exploiting the STIG   *
    *                 compliance rule ZWMQ0059.                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: The zSecure Audit STIG compliance rule  *
    *                      ZWMQ0059 might produce incorrect        *
    *                      results.                                *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    The zSecure Audit STIG rule ZWMQ0059 (IBM MQ for z/OS command
    resources must be protected in class MQCMDS) reports a
    a non-compliance in cases where the MQ Queue Sharing Group level
    security is used.
    

Problem conclusion

  • zSecure Audit has been modified so that STIG rule ZWMQ0059
    performs properly in cases where the MQ Queue Sharing Group
    level security is used.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA52022

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    220

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-01-31

  • Closed date

    2017-05-12

  • Last modified date

    2017-06-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA91856 UA91857

Modules/Macros

  •    CKAGSENS CKRSYDB  GKRGSENS GKRSYDB
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R220 PSY UA91856

       UP17/05/15 P F705

  • R221 PSY UA91857

       UP17/05/15 P F705

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"220","Edition":""}]

Document Information

Modified date:
01 June 2017