A fix is available
APAR status
Closed as program error.
Error description
PROGRAMs residing in non-sensitive datasets are incorrectly reported causing non-compliant findings in compliance controls. The non-compliant findings occur because RACF_PROFILE is missing for the programs which are incorrectly reported. This can occur in controls such as RACF-SM-000010 and ZSEC-00-000160.
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: Users of zSecure Audit exploiting the * * the RESOURCE newlist for class PROGRAM and * * users of zSecure Audit compliance testing * * framework evaluating compliance controls * * which use the RESOURCE newlist for class * * PROGRAM. * **************************************************************** * PROBLEM DESCRIPTION: zSecure Audit might include * * non-sensitive program resources into * * the RESOURCE report in cases where * * newlist selection statement specifies * * program sensitivity type(s). * **************************************************************** * RECOMMENDATION: Apply the PTF provided. * **************************************************************** When SELECT/EXCLUDE expression for the RESOURCE report specifies program resources (class=PROGRAM) and sensitivity types ((PRIV_)SENSTYPE), the zSecure Audit also reports non-sensitive program resource. Compliance controls which use similar resource selection might report incorrect findings (like missing RACF profile).
Problem conclusion
zSecure Audit has been modified, so that non-sensitive program resources are not reported by the RESOURCE report for PROGRAM class in cases where the report selection criteria specifies program sensitivity type(s).
Temporary fix
Comments
APAR Information
APAR number
OA66831
Reported component name
ZSEC BASE,ADMIN
Reported component ID
5655T0100
Reported release
310
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-08-01
Closed date
2024-08-30
Last modified date
2024-09-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UJ95883
Modules/Macros
CKRLMOD GKRLMOD
Fix information
Fixed component name
ZSEC BASE,ADMIN
Fixed component ID
5655T0100
Applicable component levels
R310 PSY UJ95883
UP24/08/31 P F408
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"310","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
03 September 2024