IBM Support

OA53221: STIG RULE SET ACP00282 GIVES INCORRECT NON-COMPLIANT RESULT

A fix is available

APAR status

  • Closed as program error.

Error description

  • STIG rule set ACP00282 (CKAGC282) reports non-compliance for
    tests 6.access_other and 7.access_other incorrectly because the
    customization members containing whitelisted ids are not
    checked.
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit compliance testing    *
    *                 framework exploiting STIG compliance rule    *
    *                 ACP00282.                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: The zSecure Audit STIG compliance rule  *
    *                      ACP00282 produces false non-compliant   *
    *                      results for IDs specified in the        *
    *                      AUTOAUDT, OPERAUDT, SYSPAUDT, and       *
    *                      TSTCAUDT customization members.         *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When an ID is specified in the AUTOAUDT, OPERAUDT, SYSPAUDT, or
    TSTCAUDT customization member, the ACP00282 rule set (MVS
    system commands) reports that ID as non-compliant for resources
    matching the MVS.DISPLAY pattern.
    

Problem conclusion

  • zSecure Audit has been modified so that STIG rule ACP00282
    uses the AUTOAUDT, OPERAUDT, SYSPAUDT, and TSTCAUDT
    customization members to report the compliance results for
    resources matching the MVS.DISPLAY pattern.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA53221

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    220

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-06-23

  • Closed date

    2017-10-18

  • Last modified date

    2017-11-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    OA54044 UA94010 UA94011

Modules/Macros

  •    CKAG@DEF CKAGC282
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R220 PSY UA94010

       UP17/10/19 P F710

  • R221 PSY UA94011

       UP17/10/19 P F710

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

Document Information

Modified date:
01 November 2017