IBM Support

OA66876: INCORRECT NON-COMPLIANT FINDINGS FOR RACF-ES-000080

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Incorrect non-compliant findings for RACF-ES-000080.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit exploiting the RACF   *
    *                 STIG compliance control RACF-ES-000080.      *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Audit RACF STIG compliance      *
    *                      control RACF-ES-000080 might report     *
    *                      incorrect non-compliant results.        *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    The RACF STIG compliance control RACF-ES-000080 (IBM RACF must
    properly define users that have access to the CONSOLE resource
    in the TSOAUTH resource class) might report incorrect
    non-compliant results as the control contains extraneous and
    unnecessary compliance DOMAIN/RULE specifications.
    

Problem conclusion

  • zSecure Audit has been modified, so that the following
    DOMAIN/RULE specification have been removed from the RACF STIG
    compliance control RACF-ES-000080 (IBM RACF must properly define
    users that have access to the CONSOLE resource in the TSOAUTH
    resource class):
    
     o DOMAIN MCSOPER_res_R_PE / RULE MCSOPER_res_r_permits.
     o DOMAIN MCSOPER_res / RULE MCSOPER_res_general_access and
                            RULE MCSOPER_res_log.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA66876

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    310

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2024-08-16

  • Closed date

    2024-09-11

  • Last modified date

    2024-10-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ95933 UJ95934

Modules/Macros

  • CKAHE080
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R250 PSY UJ95934

       UP24/09/13 P F409

  • R310 PSY UJ95933

       UP24/09/13 P F409

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"310","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
03 October 2024