A fix is available
APAR status
Closed as program error.
Error description
The CIS-OS-7.3.5 description mentions incorrect ICSF-related profile names. The goal descriptions mention profile names prefixed with ICSF when the correct profile names are prefixed with CSF. In addition:
Profile ICSF.CKDS.TOKEN.DEFAULT.LABEL in the description for goal 1.CKDS_default_ck should be CSF.CKDS.TOKEN.CHECK.DEFAULT.LABEL
Profile ICSF.PKDS.TOKEN.DEFAULT.LABEL in the description for goal 1.PKDS_default_ck should be CSF.PKDS.TOKEN.CHECK.DEFAULT.LABEL
The system newlist documentation for the related flag fields ICSF_KSP_CKDS_DEFAULT and ICSF_KSP_PKDS_DEFAULT also needs to be updated to reflect the correct profile names.
Local fix
N/A
Problem summary
USERS AFFECTED: Users of zSecure Admin/Audit exploiting the system-wide option settings report (newlist type SYSTEM) and users of zSecure Audit exploiting z/OS RACF CIS Benchmark compliance control CIS-OS-7.3.5.
PROBLEM DESCRIPTION: The zSecure documentation (zSecure CARLa SELECT/LIST Fields, newlist type SYSTEM, fields ICSF_KSP_CKDS_DEFAULT and ICSF_KSP_PKDS_DEFAULT) refers to incorrect resource names, and the goal test descriptions of the z/OS RACF CIS Benchmark CIS-OS-7.3.5 compliance control (Ensure ICSF Key Store Policy controls are enabled) mention incorrect ICSF-related profile names.
RECOMMENDATION: Apply the PTF provided and review the documentation changes.
The zSecure manual "IBM Security zSecure zSecure CARLa SELECT/LIST Fields" refers to incorrect resource names in the description of the ICSF_KSP_CKDS_DEFAULT and ICSF_KSP_PKDS_DEFAULT fields (newlist type SYSTEM). The z/OS RACF CIS Benchmark compliance control CIS-OS-7.3.5 (Ensure ICSF Key Store Policy controls are enabled) provided with zSecure Audit mentions incorrect resource names in its goals 'GOAL 1.PKDS_default_ck' and 'GOAL 1.CKDS_default_ck'.
Problem conclusion
The "IBM Security zSecure zSecure CARLa SELECT/LIST Fields" manual is updated so that the involved fields refer to the correct resource names. The zSecure Audit for z/OS RACF CIS Benchmark compliance control CIS-OS-7.3.5 (Ensure ICSF Key Store Policy controls are enabled) is updated so that the goal test descriptions refer to the correct ICSF-related profile names. Please note the documentation as provided with the APAR tracking comment data.
Temporary fix
Comments
APAR Information
APAR number
OA67495
Reported component name
ZSEC BASE,ADMIN
Reported component ID
5655T0100
Reported release
310
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2025-02-06
Closed date
2025-03-05
Last modified date
2025-04-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UJ96754
Modules/Macros
C2R3SYE9 C2R3SYEE CKAHR735
Fix information
Fixed component name
ZSEC BASE,ADMIN
Fixed component ID
5655T0100
Applicable component levels
R310 PSY UJ96754
UP25/03/07 P F503
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
02 April 2025