IBM Support

OA66108: INCORRECT NON-COMPLIANT FINDINGS FOR ZWMQ0054 WHEN MQ MIXED CASE SUPPORT USES CLASS MXQUEUE

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Incorrect non-compliant findings for ZWMQ0054 when MQ mixed case
    support uses class MXQUEUE.
    
    When MQ region mixed case security support is enabled (
    SCYCASE(MIXED) ) the RACF profiles used are in class MXQUEUE,
    but control ZWMQ0054 only checks class MQQUEUE.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit exploiting RACF STIG  *
    *                 compliance controls ZWMQ0054, ZWMQ0055,      *
    *                 ZWMQ0056, and ZWMQ0057.                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Audit might report incorrect    *
    *                      non-compliant findings in cases where   *
    *                      MQ region mixed case security support   *
    *                      is enabled (the SCYCASE(MIXED) message  *
    *                      queue manager parameter is in effect).  *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When MQ manager uses mixed case RACF security profiles, the
    following RACF STIG compliance controls provided by zSecure
    Audit might report incorrect non-compliant findings because of
    an incorrect RACF class test (no MXQUEUE class is tested):
    
     o ZWMQ0054: IBM MQ for z/OS resources defined to the MQQUEUE
                 resource class must be protected in accordance with
                 security requirements.
     o ZWMQ0055: IBM MQ for z/OS process resources must be protected
                 in accordance with security requirements.
     o ZWMQ0056: IBM MQ for z/OS namelist resources must be
                 protected in accordance with security requirements.
     o ZWMQ0057: IBM MQ for z/OS alternate user resources defined to
                 MQADMIN resource class must be properly protected.
    

Problem conclusion

  • zSecure Audit has been modified, so that RACF STIG compliance
    controls ZWMQ0054, ZWMQ0055, ZWMQ0056, and ZWMQ0057 does not
    report incorrect non-compliant findings in cases where MQ region
    mixed case security support is enabled.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA66108

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    310

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2024-02-08

  • Closed date

    2024-05-30

  • Last modified date

    2024-06-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ94852 OA66558

Modules/Macros

  • C2R3IO25 C2R3IO26 C2R3SYH@ C2R3SYHZ C2RDRAS  C2RDRASD C2RT3SEG
    C2RT3SO1 C2RT3SOA C2RT3SOD C2RT3T@1 CKAGSENS CKAHWM54 CKAHWM55
    CKAHWM56 CKAHWM57 CKARCMD  CKFINIT  CKFRACF  CKRCDTIN CKRCFS
    CKRDSD80 CKRDSR80 CKRFDEF  CKRFDSY  CKRFMT   CKRINLT  CKRINMO
    CKRLSD13 CKRLSD80 CKRLSR13 CKRLSR80 CKROUICB CKROUNIT CKROUOPT
    CKRXJPND CKRXJPNE GKRCDTIN GKRCFS   GKRFDEF  GKRFDSY  GKRFMT
    GKRGSENS GKRINLT  GKRINMO  GKROUICB GKROUNIT GKROUOPT GKRRCMD
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R310 PSY UJ94852

       UP24/05/31 P F405

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"310","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
03 June 2024