IBM Support

OA53222: STIG RULE SET ZWMQ0054 GIVES INCORRECT NON-COMPLIANT RESULT

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • STIG rule set ZWMQ0054 gives incorrect non-compliant result.
    The access needed by the MQ Channel Initiator (MQCI) is not
    taken into account.
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit exploiting STIG       *
    *                 compliance rule ZWMQ0054.                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: The zSecure Audit STIG compliance rule  *
    *                      ZWMQ0054 does not check if the Channel  *
    *                      Initiator (MQCI) is allowed to have     *
    *                      ALTER or CONTROL access on MQQUEUE      *
    *                      profiles.                               *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    The zSecure Audit STIG compliance rule ZWMQ0054 (MQ QUEUE
    protection) does not check if the Channel Initiator (MQCI) is
    allowed to have ALTER and CONTROL access on MQQUEUE profiles
    leading to non-compliant findings.
    

Problem conclusion

  • zSecure Audit has been modified so that STIG rule ZWMQ0054
    now finds ALTER and CONTROL access for MQQUEUE profiles for the
    Channel Initiator (MQCI) compliant.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA53222

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    220

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-06-23

  • Closed date

    2017-08-10

  • Last modified date

    2017-09-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA93094 UA93095

Modules/Macros

  •    CKAGWM54
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R220 PSY UA93094

       UP17/08/12 P F708

  • R221 PSY UA93095

       UP17/08/12 P F708

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"220","Edition":""}]

Document Information

Modified date:
02 September 2017