A fix is available
APAR status
Closed as new function.
Error description
zSecure Audit support for: z/OS RACF STIG V9R7 and z/OS TSS STIG V9R7.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of zSecure Compliance Testing * * Framework. * **************************************************************** * PROBLEM DESCRIPTION: Update to support CIS IBM CICS * * Transaction Server Benchmark 1.1.0. * * This standard is available only if your * * organization has a license for zSecure * * Compliance or Z Security and Compliance * * Center. * * * * Support for the following controls is * * added: * * * * o CIS-CICS-1.1.1 Ensure that RACF * * changes are accepted * * immediately * * o CIS-CICS-1.2.1 Ensure that only * * authorized users can * * run transactions * * o CIS-CICS-1.2.2 Ensure that only * * authorized users can * * access resources * * o CIS-CICS-1.3.1 Ensure that SIT * * parameter SEC=YES is * * set in all regions * * o CIS-CICS-1.4.1 Ensure that only * * authorized users can * * issue SPI commands * * o CIS-CICS-1.4.2 Ensure that a user * * requires * * authorization to * * start work under a * * different userid * * o CIS-CICS-2.1.1 Ensure that passwords * * are redacted in line * * traces * * o CIS-CICS-3.1.1 Ensure that no * * unencrypted IP * * connections use * * BASICAUTH * * * * Update to support z/OS STIG: * * * * o IBM z/OS RACF Version 9, Release: 07 * * o IBM z/OS TSS Version 9, Release: 07 * * * * Update to support the following z/OS * * Products STIG for RACF: * * * * o z/OS BMC CONTROL-D STIG for RACF * * Version 7, Release: 02 * * o z/OS BMC CONTROL-M/Restart for RACF * * Version 7, Release: 02 * * o z/OS BMC CONTROL-M STIG for RACF * * Version 7, Release: 02 * * o z/OS BMC CONTROL-O STIG for RACF * * Version 7, Release: 02 * * o z/OS BMC Integrated Operations * * Architecture (IOA) STIG for RACF * * Version 7, Release: 02 * * o z/OS BMC MainView Systems Management * * STIG for RACF Version 7, Release: 02 * * o z/OS CA Auditor STIG for RACF * * Version 7, Release: 02 * * o z/OS CA Common Services STIG for * * RACF Version 7, Release: 02 * * o z/OS CA Management Information * * Control System (MICS) Resource * * Management STIG for RACF Version 7, * * Release: 02 * * o z/OS CA Multi-image Manager (MIM) * * Resource Sharing STIG for RACF * * Version 7, Release: 02 * * o z/OS CA Roscoe Interactive * * Environment STIG for RACF Version 7, * * Release: 02 * * o z/OS CA Vtape Virtual Tape System * * STIG for RACF Version 7, Release: 02 * * o z/OS CA 1 Tape Management STIG for * * RACF Version 7, Release: 02 * * o z/OS Catalog Solutions STIG for RACF * * Version 7, Release: 02 * * o z/OS Compuware Abend-AID STIG for * * RACF Version 7, Release: 02 * * o z/OS Fast Dump Restore (FDR) STIG * * for RACF Version 7, Release: 02 * * o z/OS Front End Processor (FEP) STIG * * for RACF Version 7, Release: 02 * * o z/OS IBM CL/SuperSession STIG for * * RACF Version 7, Release: 02 * * o z/OS IBM Customer Information * * Control System (CICS) Transaction * * Server STIG for RACF Version 7, * * Release: 02 * * o z/OS IBM Hardware Configuration * * Definition (HCD) STIG for RACF * * Version 7, Release: 02 * * o z/OS IBM MQ STIG for RACF Version 7, * * Release: 03 * * o z/OS IBM System Display and Search * * Facility (SDSF) STIG for RACF * * Version 7, Release: 02 * * o z/OS IBM Tivoli® Asset Discovery * * (TADz) STIG for RACF Version 7, * * Release: 02 * * o z/OS IBM Transparent Data Migration * * Facility (TDMF) STIG for RACF * * Version 7, Release: 02 * * o z/OS IBM WebSphere® Application * * Server (WAS) STIG for RACF * * Version 7, Release: 02 * * o z/OS Quest NC-Pass STIG for RACF * * Version 7, Release: 02 * * o IBM Z® NetView for RACF Version 7, * * Release: 02 * * o z/OS SRRAUDIT STIG for RACF * * Version 7, Release: 02 * * o z/OS Vanguard Security Solutions * * (VSS) STIG for RACF Version 7, * * Release: 02 * * * * Update to support the following z/OS * * Products STIG for Top Secret (TSS): * * * * o z/OS BMC CONTROL-D STIG for TSS * * Version 7, Release: 02 * * o z/OS BMC CONTROL-M/Restart for TSS * * Version 7, Release: 02 * * o z/OS BMC CONTROL-M STIG for TSS * * Version 7, Release: 02 * * o z/OS BMC CONTROL-O STIG for TSS * * Version 7, Release: 02 * * o z/OS BMC Integrated Operations * * Architecture (IOA) STIG for TSS * * Version 7, Release: 02 * * o z/OS BMC MainView Systems Management * * TSS for ACF2 Version 7, Release: 02 * * o z/OS CA Auditor STIG for TSS * * Version 7, Release: 02 * * o z/OS CA Common Services STIG for * * TSS Version 7, Release: 02 * * o z/OS CA Management Information * * Control System (MICS) Resource * * Management STIG for TSS Version 7, * * Release: 02 * * o z/OS CA Multi-image Manager (MIM) * * Resource Sharing STIG for TSS * * Version 7, Release: 02 * * o z/OS CA Roscoe Interactive * * Environment STIG for TSS Version 7, * * Release: 02 * * o z/OS CA Vtape Virtual Tape System * * STIG for TSS Version 7, Release: 02 * * o z/OS CA 1 Tape Management STIG for * * TSS Version 7, Release: 02 * * o z/OS Catalog Solutions STIG for TSS * * Version 7, Release: 02 * * o z/OS Compuware Abend-AID STIG for * * TSS Version 7, Release: 02 * * o z/OS Fast Dump Restore (FDR) STIG * * for TSS Version 7, Release: 02 * * o z/OS Front End Processor (FEP) STIG * * for TSS Version 7, Release: 02 * * o z/OS IBM CL/SuperSession STIG for * * TSS Version 7, Release: 02 * * o z/OS IBM Customer Information * * Control System (CICS) Transaction * * Server STIG for TSS Version 7, * * Release: 02 * * o z/OS IBM Hardware Configuration * * Definition (HCD) STIG for TSS * * Version 7, Release: 02 * * o z/OS IBM MQ STIG for TSS Version 7, * * Release: 02 * * o z/OS IBM System Display and Search * * Facility (SDSF) STIG for TSS * * Version 7, Release: 02 * * o z/OS IBM Tivoli® Asset Discovery * * (TADz) STIG for TSS Version 7, * * Release: 02 * * o z/OS IBM Transparent Data Migration * * Facility (TDMF) STIG for TSS * * Version 7, Release: 02 * * o z/OS IBM WebSphere® Application * * Server (WAS) STIG for TSS Version 7, * * Release: 02 * * o z/OS Quest NC-Pass STIG for TSS * * Version 7, Release: 02 * * o IBM Z® NetView for TSS Version 7, * * Release: 02 * * o z/OS SRRAUDIT STIG for TSS * * Version 7, Release: 02 * **************************************************************** * RECOMMENDATION: Apply the PTF provided. * **************************************************************** The fix for this APAR provides support for: CIS IBM CICS Transaction Server Benchmark 1.1.0. This standard is available only if your organization has a license for zSecure Compliance or Z Security and Compliance Center. The fix for this APAR provides support for z/OS STIG: o IBM z/OS RACF Version 9, Release: 07 o IBM z/OS TSS Version 9, Release: 07 The fix for this APAR provides support for the following z/OS Products STIG for RACF: o z/OS BMC CONTROL-D STIG for RACF Version 7, Release: 02 o z/OS BMC CONTROL-M/Restart for RACF Version 7, Release: 02 o z/OS BMC CONTROL-M STIG for RACF Version 7, Release: 02 o z/OS BMC CONTROL-O STIG for RACF Version 7, Release: 02 o z/OS BMC Integrated Operations Architecture (IOA) STIG for RACF Version 7, Release: 02 o z/OS BMC MainView Systems Management STIG for RACF Version 7, Release: 02 o z/OS CA Auditor STIG for RACF Version 7, Release: 02 o z/OS CA Common Services STIG for RACF Version 7, Release: 02 o z/OS CA Management Information Control System (MICS) Resource Management STIG for RACF Version 7, Release: 02 o z/OS CA Multi-image Manager (MIM) Resource Sharing STIG for RACF Version 7, Release: 02 o z/OS CA Roscoe Interactive Environment STIG for RACF Version 7, Release: 02 o z/OS CA Vtape Virtual Tape System STIG for RACF Version 7, Release: 02 o z/OS CA 1 Tape Management STIG for RACF Version 7, Release: 02 o z/OS Catalog Solutions STIG for RACF Version 7, Release: 02 o z/OS Compuware Abend-AID STIG for RACF Version 7, Release: 02 o z/OS Fast Dump Restore (FDR) STIG for RACF Version 7, Release: 02 o z/OS Front End Processor (FEP) STIG for RACF Version 7, Release: 02 o z/OS IBM CL/SuperSession STIG for RACF Version 7, Release: 02 o z/OS IBM Customer Information Control System (CICS) Transaction Server STIG for RACF Version 7, Release: 02 o z/OS IBM Hardware Configuration Definition (HCD) STIG for RACF Version 7, Release: 02 o z/OS IBM MQ STIG for RACF Version 7, Release: 03 o z/OS IBM System Display and Search Facility (SDSF) STIG for RACF Version 7, Release: 02 o z/OS IBM Tivoli® Asset Discovery (TADz) STIG for RACF Version 7, Release: 02 o z/OS IBM Transparent Data Migration Facility (TDMF) STIG for RACF Version 7, Release: 02 o z/OS IBM WebSphere® Application Server (WAS) STIG for RACF Version 7, Release: 02 o z/OS Quest NC-Pass STIG for RACF Version 7, Release: 02 o IBM Z® NetView for RACF Version 7, Release: 02 o z/OS SRRAUDIT STIG for RACF Version 7, Release: 02 o z/OS Vanguard Security Solutions (VSS) STIG for RACF Version 7, Release: 02 The fix for this APAR provides support for the following z/OS Products STIG for Top Secret (TSS): o z/OS BMC CONTROL-D STIG for TSS Version 7, Release: 02 o z/OS BMC CONTROL-M/Restart for TSS Version 7, Release: 02 o z/OS BMC CONTROL-M STIG for TSS Version 7, Release: 02 o z/OS BMC CONTROL-O STIG for TSS Version 7, Release: 02 o z/OS BMC Integrated Operations Architecture (IOA) STIG for TSS Version 7, Release: 02 o z/OS BMC MainView Systems Management TSS for ACF2 Version 7, Release: 02 o z/OS CA Auditor STIG for TSS Version 7, Release: 02 o z/OS CA Common Services STIG for TSS Version 7, Release: 02 o z/OS CA Management Information Control System (MICS) Resource Management STIG for TSS Version 7, Release: 02 o z/OS CA Multi-image Manager (MIM) Resource Sharing STIG for TSS Version 7, Release: 02 o z/OS CA Roscoe Interactive Environment STIG for TSS Version 7, Release: 02 o z/OS CA Vtape Virtual Tape System STIG for TSS Version 7, Release: 02 o z/OS CA 1 Tape Management STIG for TSS Version 7, Release: 02 o z/OS Catalog Solutions STIG for TSS Version 7, Release: 02 o z/OS Compuware Abend-AID STIG for TSS Version 7, Release: 02 o z/OS Fast Dump Restore (FDR) STIG for TSS Version 7, Release: 02 o z/OS Front End Processor (FEP) STIG for TSS Version 7, Release: 02 o z/OS IBM CL/SuperSession STIG for TSS Version 7, Release: 02 o z/OS IBM Customer Information Control System (CICS) Transaction Server STIG for TSS Version 7, Release: 02 o z/OS IBM Hardware Configuration Definition (HCD) STIG for TSS Version 7, Release: 02 o z/OS IBM MQ STIG for TSS Version 7, Release: 02 o z/OS IBM System Display and Search Facility (SDSF) STIG for TSS Version 7, Release: 02 o z/OS IBM Tivoli® Asset Discovery (TADz) STIG for TSS Version 7, Release: 02 o z/OS IBM Transparent Data Migration Facility (TDMF) STIG for TSS Version 7, Release: 02 o z/OS IBM WebSphere® Application Server (WAS) STIG for TSS Version 7, Release: 02 o z/OS Quest NC-Pass STIG for TSS Version 7, Release: 02 o IBM Z® NetView for TSS Version 7, Release: 02 o z/OS SRRAUDIT STIG for TSS Version 7, Release: 02
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
OA69139
Reported component name
Z SEC AND COMP
Reported component ID
5655CC100
Reported release
320
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2026-02-26
Closed date
2026-03-26
Last modified date
2026-04-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UJ99298
Modules/Macros
CKC@STD CKCHC111 CKCHC121 CKCHC122 CKCHC131 CKCHC141 CKCHC142 CKCHC211 CKCHC311
Fix information
Fixed component name
Z SEC AND COMP
Fixed component ID
5655CC100
Applicable component levels
R320 PSY UJ99298
UP26/03/28 P F603
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSO5Y9T","label":"IBM Z Security and Compliance Center"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"320","Line of Business":{"code":"LOB70","label":"Z TPS"}}]
Document Information
Modified date:
02 April 2026