A fix is available
APAR status
Closed as program error.
Error description
CKFREEZE is missing the individual JES2 STC proclib members if the SSI path is being used to obtain the PAD. This can also result in non-compliant findings for compliance controls which use the R_STC newlist, for example ZCLSR030 and ZCLSR032, if the procedures are STC proclib members rather than MSTR STClib members.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of zSecure Collect collecting system * * data related to JES2 sensitive data sets for * * zSecure Audit compliance controls ZCLSR030 * * and ZCLSR032. * **************************************************************** * PROBLEM DESCRIPTION: zSecure Collect might skip individual * * JES2 started task members within * * procedure library concatenation * * (PROCLIB). As a result, zSecure Audit * * might report no tested goals as * * evaluated by the ZCLSR030 and ZCLSR032 * * compliance controls. * **************************************************************** * RECOMMENDATION: Apply the PTF provided. * **************************************************************** When zSecure Collect collects JES2 started task information from JES2 procedure library concatenation (PROCLIB), it might skip individual members within that concatenation, so that collected system configuration data (CKFREEZE) might be missing related information about these members. As result, zSecure Audit will report no goals tested by the following compliance controls: o ZCLSR030: IBM CL/SuperSession started tasks names must be properly defined to the system ACP. o ZCLSR032: IBM CL/SuperSession started tasks must be properly defined to the STARTED resource class. Other compliance controls and audit reports might be affected as well.
Problem conclusion
zSecure Collect has been modified, so that it properly collects JES2 started task information from JES2 procedure library concatenation (PROCLIB) and zSecure Audit will evaluate ZCLSR030 and ZCLSR032 compliance controls correctly.
Temporary fix
Comments
APAR Information
APAR number
OA67145
Reported component name
ZSEC BASE,ADMIN
Reported component ID
5655T0100
Reported release
250
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-10-24
Closed date
2024-11-01
Last modified date
2024-12-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UJ96254
Modules/Macros
CKAOUSDD CKASDDR CKASEND CKFJES2 CKFJES3 CKRCFS CKRCFV GKRCFS GKRCFV GKROUSDD GKRSDDR GKRSEND
Fix information
Fixed component name
ZSEC BASE,ADMIN
Fixed component ID
5655T0100
Applicable component levels
R250 PSY UJ96254
UP24/11/02 P F411
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"250","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
03 December 2024