IBM Support

OA66870: ZCIC0030 ENFORCES CICSUSER AS CICS DEFAULT USER

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • ZCIC0030 enforces CICSUSER as CICS default user but DISA does
    not require this.
    The zSecure control should instead use the CKACUST(CICSDEF)
    customization member.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit exploiting the STIG   *
    *                 compliance control ZCIC0030.                 *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Audit checks whether CICS       *
    *                      region default user is set to the       *
    *                      'CICSUSER' value while evaluating       *
    *                      the STIG compliance control ZCIC0030    *
    *                      (CICS System Initialization Table (SIT) *
    *                      parameter values must be specified      *
    *                      according to security requirements)     *
    *                      resulting in false non-compliant        *
    *                      results).                               *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When zSecure Audit performs evaluation of the STIG compliance
    control ZCIC0030 (CICS System Initialization Table (SIT)
    parameter values must be specified according to security
    requirements), it tests whether the CICS region default user is
    set to the string 'CICSUSER'. This is no longer required by
    control ZCIC0030, and thus can result in false non-compliant
    findings.
    

Problem conclusion

  • zSecure Audit has been modified, so that the check whether CICS
    region default user is set to the 'CICSUSER' value is removed
    from the STIG compliance control ZCIC0030 (CICS System
    Initialization Table (SIT) parameter values must be specified
    according to security requirements).
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA66870

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    310

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2024-08-15

  • Closed date

    2024-09-11

  • Last modified date

    2024-10-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ95931 UJ95932

Modules/Macros

  • C2RHCI30
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R250 PSY UJ95932

       UP24/09/12 P F409

  • R310 PSY UJ95931

       UP24/09/12 P F409

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"310","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
03 October 2024