IBM Support

OA66831: PROGRAMS RESIDING IN NON-SENSITIVE DATASETS ARE INCORRECTLY REPORTED CAUSING NON-COMPLIANT FINDINGS IN COMPLIANCE CONTROLS

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • PROGRAMs residing in non-sensitive datasets are incorrectly
    reported causing non-compliant findings in compliance controls.
    
    The non-compliant findings occur because RACF_PROFILE is missing
    for the programs which are incorrectly reported. This can occur
    in controls such as RACF-SM-000010 and ZSEC-00-000160.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit exploiting the        *
    *                 the RESOURCE newlist for class PROGRAM and   *
    *                 users of zSecure Audit compliance testing    *
    *                 framework evaluating compliance controls     *
    *                 which use the RESOURCE newlist for class     *
    *                 PROGRAM.                                     *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Audit might include             *
    *                      non-sensitive program resources into    *
    *                      the RESOURCE report in cases where      *
    *                      newlist selection statement specifies   *
    *                      program sensitivity type(s).            *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When SELECT/EXCLUDE expression for the RESOURCE report specifies
    program resources (class=PROGRAM) and sensitivity types
    ((PRIV_)SENSTYPE), the zSecure Audit also reports non-sensitive
    program resource. Compliance controls which use similar resource
    selection might report incorrect findings (like missing RACF
    profile).
    

Problem conclusion

  • zSecure Audit has been modified, so that non-sensitive program
    resources are not reported by the RESOURCE report for PROGRAM
    class in cases where the report selection criteria specifies
    program sensitivity type(s).
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA66831

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    310

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2024-08-01

  • Closed date

    2024-08-30

  • Last modified date

    2024-09-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ95883

Modules/Macros

  • CKRLMOD  GKRLMOD
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R310 PSY UJ95883

       UP24/08/31 P F408

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"310","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
03 September 2024