Product Documentation
Abstract
A comprehensive list of recommended, generally available (GA) fixes for IBM® Security zSecure® Base releases.
Please note, when zSecure takes part in a Release Beta Program (RBP) alongside z/OS, zSecure PTFs will be published during the RBP which must be applied when installing a zSecure product order from Shopz. These PTFs will generally be supplied with the order, but if the base FMIDs only are applied you will not have fixes for known issues discovered during the RBP.
The RBP PTFs are listed in the relevant tables.
It can take up to 6 months for a published PTF to become part of a Recommended Service Update (RSU). Therefore, if you apply maintenance solely from an RSU, you can still encounter known issues that are resolved by a PTF listed here.
For information, the following document describes the z/OS Consolidated Service Test process used by the RSU packaging team to determine the contents of an RSU, and this process does not include the zSecure suite components:
https://www.ibm.com/support/pages/node/664971
The recommended fixes for zSecure Base included in this document can be relevant to Admin, Audit, Alert, Visual, zSecure Adapters for SIEM and RACF-Offline. The IBM Z Security and Compliance Center component z/OS Compliance Integration Manager may have zSecure base component fixes listed here.
Tables are organized by version in the order they were released.
Content
Recommended fixes table of contents:
zSecure Base Release 3.2.0
zSecure Base Release 3.1.0
zSecure Base Release 2.5.0
zSecure Base Release 3.2.0 | ||
Documentation updates technote: N/A | ||
IBM APAR | IBM Fix | Description |
| OA68625 | UJ98424 | zSecure version 3.2.0 fix pack (October 2025). |
| OA68407 | UJ98323 | With "Use TSO submit" option, submitting a background job can fail in multi screen mode. |
| OA68602 | UJ98294 | Recreate of a PTKTDATA profile with a SSIGNON segment specifying Replay allowed = YES results in an invalid RALTER command. |
| OA68320 | UJ98248 | AU.V Permit generates commands to delete CICS transaction profiles which have a SECPRFX that is not a user or group. |
| OA68048 | UJ98241 | zSecure Audit and zSecure Adapters for SIEM components report license errors with zSCC only license. |
| OA68561 | UJ98239 | Malformed JSON generated for repeated CARLa fields with UTF-8 encoding. |
| OA68575 | UJ98209 | Incorrect non-compliant findings for compliance evaluations due to incorrect Actual value goal test field. |
| OA68577 | UJ98198 | RA.R incorrectly displays the general resource profile Instdata on the ACL entries. |
| OA68509 | UJ98070 | zSecure version 3.2.0 RBP update (September 2025). |
| OA68492 | UJ98069 | zSecure version 3.2.0 RBP update (September 2025). |
| OA68399 | UJ97887 | zSecure version 3.2.0 RBP update (August 2025). |
| OA68406 | UJ97883 | zSecure version 3.2.0 RBP update (August 2025). |
| OA68395 | UJ97882 | zSecure version 3.2.0 RBP update (August 2025). |
| OA67942 | UJ97238 | zSecure version 3.2.0 RBP update (May 2025). |
Additional information | ||
| N/A | ||
zSecure Base Release 3.1.0 | ||
Documentation updates technote: IBM Security zSecure Suite V3.1.0 Documentation Updates | ||
IBM APAR | IBM Fix | Description |
| OA68407 | UJ98324 | With "Use TSO submit" option, submitting a background job can fail in multi screen mode. |
| OA68602 | UJ98295 | Recreate of a PTKTDATA profile with a SSIGNON segment specifying Replay allowed = YES results in an invalid RALTER command. |
| OA68048 | UJ98242 | zSecure Audit and zSecure Adapters for SIEM components report license errors with zSCC only license. |
| OA68561 | UJ98240 | Malformed JSON generated for repeated CARLa fields with UTF-8 encoding. |
| OA68320 | UJ98205 | AU.V Permit generates commands to delete CICS transaction profiles which have a SECPRFX that is not a user or group. |
| OA68525 | UJ98130 | Support the CONTAINED and NEVERCONTAIN properties on a RACF USER profile in zSecure Server and zSecure Admin MERGE function. |
| OA68504 | UJ98128 | SEC/INT APAR. |
| OA68482 | UJ98127 | Sample members for defining the zSecure Admin Command Logger logstream do not specify AUTODELETE(YES). |
| OA68462 | UJ98126 | zSecure Alert setup sample jobs C2PZAIN0 and C2PZAIN1 might not perform as expected. |
| OA68503 | UJ98107 | zSecure Admin's fix for compatibility with RACF APAR OA67467. |
| OA68416 | UJ98086 | After restart of C2PACMON using new or modified user ID consolidation may fail if required RACF permits are missing. |
| OA68449 | UJ98048 | CKRP3EUY panel code contains invalid field name COMPLETION_CODET, instead of COMPLETION_CODE. |
| OA68477 | UJ98009 | New function to provide support for IBM CICS Transaction Server V6R3. |
| OA68473 | UJ97988 | Missing support for generation and validation of Identity Tokens (IDT) with RSA-based signatures in zSecure WebUI. |
| OA68328 | UJ97988 | z/OSMF plug-in for zSecure Admin interface level controls do not work as expected. |
| OA68434 | UJ97976 | Remove the serialization capability on SYSZRACF from zSecure to avoid potential enqueue delays. |
| OA68432 | UJ97960 | zSecure PTF UJ97901 for APAR OA68276 might result in various issues related to profiles in the GLOBAL class. |
| OA68221 | UJ97925 | Alert 1506 is configured for SMF Type 90 records, but uses an SMF Type 80 Select statement, causing no alert to be triggered. |
| OA68319 | UJ97911 | zSecure Admin might generate incorrect ALTDSD RACF command when the 'DFP EncTypes' field value is changed in the UI. |
| OA68276 | PE - See OA68432 | CKR0206 issued for GLOBAL profiles while running reports. |
| OA67653 | UJ97900 | Alert verification fails, due to OPTION statment extending beyond column 72. |
| OA68298 | UJ97860 | CIS-OS-6.5.6 incorrectly reports non-compliance for an ID which only has Stack access and is not an FTP user. |
| OA68190 | UJ97833 | Using a NOT parm in a CARLa Select statement can cause no data to be returned. |
| OA67753 | UJ97769 | ABEND0C1 may be seen with zSecure Alert when SDSF is not installed. |
| OA68258 | UJ97712 | SEC/INT APAR. |
| OA68231 | UJ97672 | Support the CONTAINED and NEVERCONTAIN properties on a RACF USER profile. |
| OA67963 | UJ97671 | ABEND002-04 with message C2P0900E when running C2PACMON or C2POLICE under SUB=MSTR. |
| OA68170 | UJ97605 | ABEND0C4-11 at offset 0001CE in routine CKASERI.ADDSDSF. |
| OA68136 | UJ97583 | CKF0354 08 system abend 0C4-11 (invalid storage address - page) during WRTAGGR processing. |
| OA68103 | UJ97566 | zSecure Audit support for: z/OS RACF STIG V9R4, z/OS ACF2 STIG V9R4, and z/OS TSS STIG V9R4. |
| OA67867 | UJ97537 | When using a SELECT/EXCLUDE LIKELIST=name the previous selection of "name" may not be honoured. |
| OA68106 | UJ97536 | ABEND0C4 in CKRLIST.TRUTRE processing SMF type 64 records. |
| OA67961 | UJ97536 | CKR0595 messages issued in error when processing SMF type 42 subtype 27 records. |
| OA67845 | UJ97529 | CKFCOLL may issue messages CKF0028 or CKF0030 related to SDSNLOD2 dataset names. |
| OA67607 | UJ97505 | Encrypted data sets migrated to HSM then recalled are shown to exist in both locations. |
| OA68102 | UJ97479 | Support for SMF records written by IBM CL/Supersession Session manager (SMF record type 225). |
| OA68008 | UJ97365 | DEFINE WHERE and LOOKUP don't work consistently. |
| OA67882 | UJ97364 | CKRCARLA issues an abend processing SMF data. |
| OA67552 | UJ97360 | TLS_SRVR_CERT_SIG_METHOD and TLS_CLNT_CERT_SIG_METHOD help needs updating and default field length needs to be increased. |
| OA67955 | UJ97337 | CKF1024 messages containing garbage data issued when SETROPTS NOWHEN(PROGRAM) is set. |
| OA67531 | UJ97336 | ICSF_DEFAULTWRAP_EXT_ENH and ICSF_DEFAULTWRAP_INT_ENH flag fields incorrectly reported with ICSF level HCR77E0. |
| OA67694 | UJ97262 | STIG controls ZCTD0040, ZCTO0040 & ZIOAR040 fail due to missing information. |
| OA67779 | UJ97249 | C2PAMALC gives error msg IKJ56712I INVALID KEYWORD when using a DA allocation. |
| OA67799 | UJ97230 | CKF0310 08 BPX1RDL errors when the PROC file system exists. |
| OA67866 | UJ97164 | SEC/INT APAR. |
| OA67778 | UJ97118 | Using CARLa select on multiple ljdates results in no data returned. |
| OA67613 | UJ97071 | zSecure Audit incorrectly reports temporary data sets as JESSPOOL resources. |
| OA67471 | PE - See OA68434 | IBM zSecure suite might cause z/OS system lock due to RACF database ENQ contention in sysplex environment. |
| OA67662 | UJ97010 | Incorrect non-compliant finding for CIS-OS-2.1.9 because the key_label field is missing. |
| OA67217 | UJ96963 | Empty datasets incorrectly reported with "empty encr. cells" in CKF0517 with SYMKEYTEST=Y. |
| OA67560 | UJ96909 | ZWMQ0053 reports incorrect non-compliant finding when DISPLAY QMGR DEADQ returns only the alias dead letter queue name. |
| OA67636 | UJ96867 | CIS-OS-7.1.2 control reports incorrect non-compliant finding when no OMVS segment exists for ICSF STC user ID. |
| OA67343 | UJ96811 | R_AC1 Newlist reports programs in non-APF datasets. |
| OA67497 | UJ96802 | RE.K.D does not show encryption key for second and subsequent parts of multi-volume data sets. |
| OA67479 | UJ96779 | Data for char format variable "C2RESM" was too long. |
| OA67495 | UJ96754 | CIS-OS-7.3.5 description mentions incorrect ICSF related profile names. |
| OA67548 | UJ96749 | zSecure Audit support for: z/OS RACF STIG V9R3, z/OS ACF2 STIG V9R3, and z/OS TSS STIG V9R3. |
| OA67475 | UJ96748 | zSecure Access monitor might issue a MSGC2P0571I followed by a MSGC2P0483W. |
| OA67396 | UJ96743 | Alert 1402 triggered for Comms Server API usage of AF_UNIX sockets. |
| OA67314 | UJ96720 | Encryption status and key for migrated VSAM data sets is not shown. |
| OA67518 | UJ96716 | zSecure Audit might display a 'FILE ISPFILE NOT FREED, IS NOT ALLOCATED' followed by a 'File tailoring error' UI message. |
| OA67536 | UJ96695 | Loop in CKRCFS.CKRRDB2 processing DB2 IATTENT data from the CKFREEZE. |
| OA67273 | UJ96682 | CKN125I 08 I/O request without alloc - intermittently seen when restricting access to route RACF commands via CKNSERVE. |
| OA67481 | UJ96669 | RSignWithCA senstype defined with incorrect resource check. |
| OA67504 | UJ96643 | New function to support granular data set encryption. |
| OA67421 | UJ96631 | ZCTMR040 might report incorrect non-compliant results when the BMC IOA Gateway Monitor component is active. |
| OA67413 | UJ96604 | C2POLICE issuing ENQs with a RESERVE on SYSZRACF causing a deadlock. |
| OA67291 | UJ96576 | zSecure version 3.1.0 SSE (January 2025). |
| OA67279 | UJ96573 | zSecure version 3.1.0 SSE (January 2025). |
| OA67316 | UJ96573 | Syntax parsing errors for quoted parms in KLKINNAM. |
| OA67339 | UJ96551 | Alerts 1501 and 1503 produce syntactically incorrect LEEF data due to a missing close brace, " ". |
| OA67341 | UJ96551 | Using overriding output length 0 with LJDATE(EUDATE) changes the year format. |
| OA67244 | UJ96418 | TRUSTED newlist may not report all resources when run in isolation. |
| OA67205 | UJ96339 | Sensitivities AccMonData and zSecFreeze not reported for TRUSTED newlist. |
| OA67080 | UJ96330 | RACF violations with CKFCOLL using CHECKDSN. |
| OA67173 | UJ96319 | zSecure Audit support for: z/OS RACF STIG V9R2, z/OS ACF2 STIG V9R2, and z/OS TSS STIG V9R2. |
| OA67176 | UJ96268 | CKF0002 04 LOCATE return code 8 on LPALST. |
| OA67129 | UJ96187 | zSecure version 3.1.0 SSE (October 2024). |
| OA66990 | UJ96186 | zSecure version 3.1.0 SSE (October 2024). |
| OA67079 | UJ96186 | zSecure Audit does not report a 'Compare result' column while evaluating compliance rules with 'Compare differences' option active. |
| OA67073 | UJ96186 | High CPU in C2POLICE or zSecure Audit using AS_DD, TRUSTED and SENSDSN reports. |
| OA67028 | UJ96186 | CSVLLA senstype should apply to profiles with any number of qualifiers beyond 2. |
| OA66985 | UJ96186 | When loading DB2 data, trailing spaces are added to some fields. |
| OA66983 | UJ96186 | C2PACMON does not collect access event data with racfexitmode direct or csvdynex. |
| OA66981 | UJ96186 | Certificate labels not shown if SE.0 option "Use IO in preference to storage" is selected. |
| OA66977 | UJ96186 | AU.S EXITS may not report on pre-existing RACF post-processing exits when C2PACMON is in use. |
| OA66959 | UJ96186 | Summary Lastuse date and last used time for RA.U display can be from different RACF sources. |
| OA66434 | UJ96186 | CKR2092 08 Buffer overflow: record len 1 but free only 0 byte, record skipped: . |
| OA66565 | UJ96007 | CKXLOG shows password values for SETROPTS RVARYPW commands. |
| OA66034 | UJ95949 | Value -group- is reported instead of connected user IDs from the RACF_DB2_ACL when configuration IDs are RACF Group IDs. |
| OA66714 | UJ95942 | C2P0589E ERROR CREATING PID-NT, RC=0004 PID=C2P_USC.01010013 seen during system startup, after C2PACMON has initialized. |
| OA66925 | UJ95935 | SITE_SEVERITY specification with CONTROL but without RULE does not cause the expected change in AUDITPRIORITY. |
| OA66876 | UJ95933 | Incorrect non-compliant findings for RACF-ES-000080. |
| OA66870 | UJ95931 | ZCIC0030 enforces CICSUSER as CICS default user but DISA does not require this. |
| OA66962 | UJ95919 | ABEND0C4 at CKAOUNIX.CKAUTHOM+8E when comparing SETROPTS options. |
| OA66919 | UJ95885 | Alert 1617 incorrectly triggered multiple times for the same SMF record. |
| OA66831 | UJ95883 | PROGRAMs residing in non-sensitive datasets are incorrectly reported causing non-compliant findings in compliance controls. |
| OA66914 | UJ95881 | After PTF UJ95655 recreating a userID with a password interval other than the default creates invalid alu interval(xx) command. |
| OA66889 | UJ95838 | z/VM V7.4 toleration. |
| OA66875 | UJ95835 | ABEND0C4-04 at offset 00067E in routine CKROUOPT. |
| OA66874 | UJ95819 | SYSTEM newlist field icsf_P11_MKVP_date not reported correctly. |
| OA66794 | UJ95765 | zSecure Audit support for: z/OS RACF STIG V9R1, z/OS ACF2 STIG V9R1, and z/OS TSS STIG V9R1. |
| OA66841 | UJ95754 | Recreate of CFIELD resource optimized for post-processing does not recreate the installation data field. |
| OA66816 | UJ95728 | Incorrect non-compliant findings for RACF-SL-000030 when multiple CKFREEZE files are allocated. |
| OA66705 | UJ95723 | CKR999I 16 Storage shortage for task PROGRAM heap PROGRAM4 in CKRCARLA - increase REGION. |
| OA66569 | UJ95655 | After APAR OA66357, when recreating a user, a syntax error is reported for the command generated. |
| OA66538 | UJ95633 | CSDATA field in user profile not shown through indirect lookup. |
| OA66630 | UJ95605 | ABEND013-C0 trying to allocate C2REMAIL when running C2POLICE with SUB=MSTR. |
| OA66445 | UJ95476 | CKFCOLL abends with S30A-1C when processing MQ data. |
| OA66469 | UJ95473 | New function to provide support for IBM CICS Transaction Server V6R2. |
| OA66599 | UJ95416 | TRUSTED newlist does not correctly enable pre-selection resulting in long run times. |
| OA66600 | UJ95370 | High CPU in CKQRADAR and CKQCEF. |
| OA66391 | UJ95351 | Excessive CPU consumed with NEWLIST TYPE=RACF_ACCESS_ID due to no pre-selection. |
| OA66411 | UJ95336 | CKFREEZE is missing the individual JES2 STC proclib members if the SSI path is being used to obtain the PAD. |
| OA66212 | UJ95302 | RA.5.2 generates RACDCERT command with parameters ICSF and SIZE(4096) resulting in IRRD125I. |
| OA66471 | UJ95292 | Storage growth running CKGRACF ACCESS commands in REXX in BMC AMI OpsAutomation TSO environment. |
| OA66474 | UJ95282 | zSecure Admin does not display the complex name on non-base segment displays for general resources profiles. |
| OA66448 | UJ95188 | Abend 0C4-10 in CKFLMOD.CKFALM. |
| OA66229 | UJ95177 | Trusted report incorrectly adds 40 to priority causing JESNEWS to be reported as non-compliant. |
| OA66357 | UJ95172 | MFA settings for a userid do not get recreated without selecting CKGRACF support. |
| OA66265 | UJ95136 | ABEND0C4-10 in IGVCPOOL in nucleus, along with message C2P0483W. |
| OA66291 | UJ95112 | Alert 1402 triggered incorrectly for pseudotermial (pseudo-TTYs) files. |
| OA66241 | UJ95071 | Running a compare query (show differences) and then submitting the query from the RESULTS panel results in CKR0002 message. |
| OA65979 | UJ95069 | CKR0305 messages seen when processing RMM CDS tape dataset information in a CKFREEZE. |
| OA66278 | UJ94977 | zSecure version 3.1.0 SSE (March 2024). |
| OA66201 | UJ94977 | Description of allowlist members used is not included in print format compliance output. |
| OA66108 | UJ94852 | Incorrect non-compliant findings for ZWMQ0054 when MQ mixed case support uses class MXQUEUE. |
| OA66140 | UJ94723 | zSecure Audit support for: z/OS RACF STIG V8R13, z/OS ACF2 STIG V8R14, and z/OS TSS STIG V8R12. |
| OA66009 | UJ94705 | If an ALLOC TYPE=ASSERT DSNPREF specification causes a PDS to be included, omit it from the input. |
| OA65920 | PE - See OA66278 | ABEND0C9-09 at offset 000E3A in routine CKFCAT. |
| OA66120 | UJ94672 | CKR0103 12 Field "PHRASEINT_PHRASEINT_EFFECTIVE" to be processed not found in any template. |
| OA65942 | UJ94642 | STIG controls report incorrect results with CL/Supersession 3.1. |
| OA66088 | UJ94637 | zSecure Audit might ABEND0C4 while processing sensitive resource data. |
| OA66102 | UJ94632 | Compliance assertion validity end date is not checked correctly. |
| OA66106 | UJ94615 | SMF support for RACF RVARY password protection enhancement (SETROPTS sub-keyword). |
| OA66055 | UJ94609 | CKR0991 16 Unexpected ANY_ pointer 00000050ABF2A0D0. E3D7C6C9 *TPFI* in CKROBJ. |
| OA66065 | UJ94571 | When selecting a customizable alert the customizaton panel is not shown but we return back to the list of alerts. |
| OA65952 | UJ94487 | Incorrect reporting for RACF-VT-000010. |
| OA65837 | UJ94462 | CKG669I 24 Internal error in procedure CKGIRD. |
| OA65864 | UJ94399 | NEWLIST TYPE=SYSTEM fields not populated correctly because RACF DB information is not referenced. |
| OA65970 | UJ94377 | zSecure Audit might generate incorrect 'SMF subsystem-dependent settings' report. |
| OA65903 | UJ94370 | Control ZCIC0042.1 is not shown for standard RACF_CICS_STIG. |
| OA65931 | UJ94368 | zSecure Audit might generate incomplete AS_DD, SENSDSN, and TRUSTED reports. |
| OA65833 | UJ94310 | Compliance controls do not use effective pre-selection for the ACF2_SENSRESOURCE_ACCESS newlist. |
| OA65618 | PE - See OA65931 | Hyper-PAV alias address usage can result in incorrect audit concerns (false positives). |
| OA65870 | UJ94256 | zSecure Audit support for: z/OS STIG ACF2 8.13, z/OS STIG TSS 8.11, and CIS Benchmark for RACF 1.1.0. |
| OA65817 | PE - See OA65931 | zSecure Audit might loop while processing Address Space DD names/Sensitive data set names reports. |
| OA65839 | UJ94239 | SDSFVaryDev sensitivity reported incorrectly for READ access. |
| OA65835 | UJ94155 | zSecure Audit might issue a MSGCKR0788. |
| OA65789 | UJ94151 | Incorrect UNICODE characters in MIME/HTML email. |
| OA65796 | UJ94145 | AU.R.S for single standard controls reports a version of question mark (?). |
| OA65689 | UJ94143 | Show differences report may show USERID(->) when comparing different RACF DBs. |
| OA65463 | UJ94139 | Activating Alert 1124 causes unnecessary processing of SMF records. |
| OA65769 | UJ94128 | PassTicket generation failure SMF record reported as success in SMF newlist. |
| OA65640 | UJ94120 | Incorrect non-compliant findings for RACF-ES-000240. |
| OA65541 | UJ94068 | Incorrect non-compliant findings for RACF-ES-000540 when CONTROL access is in effect. |
| OA65698 | UJ94045 | Lookup on select of a two-pass query with an Unload does not produce expected results. |
| OA65741 | UJ94042 | RE.K.S shows unprintable key labels with non-zero COUNT_DATASET_BACKUP values. |
| OA65682 | UJ93995 | zSecure issues MSGCKR0316 and MSGCKR0000 in cases where only a Top Secret license is enabled. |
| OA65639 | UJ93979 | SMF type 82 records might have an incomplete SAF resource name. |
| OA65695 | UJ93968 | zSecure might issue a MSGCKR0260 while processing system data (CKFREEZE). |
| OA65641 | UJ93885 | SEC/INT APAR. |
| OA65434 | UJ93846 | Group-audit authority is not properly supported in restricted mode. |
| OA65612 | UJ93844 | CKFCOLL incorrectly determines ACF2 is the ESM if a task called ACF2 is running. |
| OA65469 | UJ93842 | When using ID MUST BE PRESENT in Access Monitor reports the generated CARLa code uses inefficient syntax. |
| OA65538 | UJ93743 | zSecure late September 2023 update in preparation for GA. |
| OA65508 | UJ93673 | zSecure version 3.1.0 RBP update (September 2023). |
| OA65507 | UJ93672 | zSecure version 3.1.0 RBP update (September 2023). |
| OA65506 | UJ93671 | zSecure version 3.1.0 RBP update (September 2023). |
| OA65477 | UJ93658 | zSecure version 3.1.0 RBP update (September 2023). |
| OA65263 | UJ93332 | zSecure version 3.1.0 RBP update (August 2023). |
| OA65266 | UJ93316 | zSecure version 3.1.0 RBP update (August 2023). |
| OA65259 | UJ93315 | zSecure version 3.1.0 RBP update (August 2023). |
| OA64938 | UJ92881 | zSecure version 3.1.0 RBP update (May 2023). |
| OA64937 | UJ92880 | zSecure version 3.1.0 RBP update (May 2023). |
| OA64887 | UJ92876 | zSecure version 3.1.0 RBP update (May 2023). |
Additional information | ||
| N/A | ||
zSecure Base Release 2.5.0 | ||
Documentation updates technote: IBM Security zSecure Suite V2.5.0 Documentation Updates | ||
IBM APAR | IBM Fix | Description |
| OA68503 | UJ98108 | zSecure Admin's fix for compatibility with RACF APAR OA67467. |
| OA68477 | UJ98010 | New function to provide support for IBM CICS Transaction Server V6R3. |
| OA68221 | UJ97926 | Alert 1506 is configured for SMF Type 90 records, but uses an SMF Type 80 Select statement, causing no alert to be triggered. |
| OA67753 | UJ97770 | ABEND0C1 may be seen with zSecure Alert when SDSF is not installed. |
| OA67314 | UJ96721 | Encryption status and key for migrated VSAM data sets is not shown. |
| OA67504 | UJ96644 | New function to support granular data set encryption. |
| OA67339 | UJ96552 | Alerts 1501 and 1503 produce syntactically incorrect LEEF data due to a missing close brace, " ". |
| OA67080 | UJ96331 | RACF violations with CKFCOLL using CHECKDSN. |
| OA67145 | UJ96254 | CKFREEZE is missing the individual JES2 STC proclib members if the SSI path is being used to obtain the PAD. |
| OA67132 | UJ96193 | High CPU in C2POLICE or zSecure Audit using AS_DD, TRUSTED and SENSDSN reports. |
| OA67020 | UJ96140 | C2POLICE cannot delete Extended Monitoring CKFREEZE as it still has an enqueue on it. |
| OA66034 | UJ95950 | Value -group- is reported instead of connected user IDs from the RACF_DB2_ACL when configuration IDs are RACF Group IDs. |
| OA66876 | UJ95934 | Incorrect non-compliant findings for RACF-ES-000080. |
| OA66870 | UJ95932 | ZCIC0030 enforces CICSUSER as CICS default user but DISA does not require this. |
| OA66962 | UJ95920 | ABEND0C4 at CKAOUNIX.CKAUTHOM+8E when comparing SETROPTS options. |
| OA66919 | UJ95886 | Alert 1617 incorrectly triggered multiple times for the same SMF record. |
| OA66914 | UJ95882 | After PTF UJ95655 recreating a userID with a password interval other than the default creates invalid alu interval(xx) command. |
| OA66889 | UJ95839 | z/VM V7.4 toleration. |
| OA66875 | UJ95836 | ABEND0C4-04 at offset 00067E in routine CKROUOPT. |
| OA66551 | UJ95793 | ABEND0C4-10 in IGVCPOOL in NUCLEUS, along with message C2P0483W. |
| OA66841 | UJ95755 | Recreate of CFIELD resource optimized for post-processing does not recreate the installation data field. |
| OA66569 | UJ95656 | After APAR OA66357, when recreating a user, a syntax error is reported for the command generated. |
| OA66538 | UJ95634 | CSDATA field in user profile not shown through indirect lookup. |
| OA66445 | UJ95477 | CKFCOLL abends with S30A-1C when processing MQ data. |
| OA66469 | UJ95474 | New function to provide support for IBM CICS Transaction Server V6R2. |
| OA66391 | UJ95352 | Excessive CPU consumed with NEWLIST TYPE=RACF_ACCESS_ID due to no pre-selection. |
| OA66212 | UJ95303 | RA.5.2 generates RACDCERT command with parameters ICSF and SIZE(4096) resulting in IRRD125I. |
| OA66531 | UJ95294 | Trusted report incorrectly adds 40 to priority causing JESNEWS to be reported as non-compliant. |
| OA66471 | UJ95293 | Storage growth running CKGRACF ACCESS commands in REXX in BMC AMI OpsAutomation TSO environment. |
| OA66448 | UJ95189 | Abend 0C4-10 in CKFLMOD.CKFALM. |
| OA66357 | UJ95173 | MFA settings for a userid do not get recreated without selecting CKGRACF support. |
| OA66291 | UJ95113 | Alert 1402 triggered incorrectly for pseudotermial (pseudo-TTYs) files. |
| OA66241 | UJ95072 | Running a compare query (show differences) and then submitting the query from the RESULTS panel results in CKR0002 message. |
| OA65979 | UJ95070 | CKR0305 messages seen when processing RMM CDS tape dataset information in a CKFREEZE. |
| OA66322 | UJ94994 | zSecure Collect might ABEND0C4 while collecting DASD volume information. |
| OA65920 | PE - See OA66322 | ABEND0C9-09 at offset 000E3A in routine CKFCAT. |
| OA66120 | UJ94672 | CKR0103 12 Field "PHRASEINT_PHRASEINT_EFFECTIVE" to be processed not found in any template at CKRCMDV2 line 6. |
| OA65942 | UJ94643 | STIG controls report incorrect results with CL/Supersession 3.1. |
| OA66106 | UJ94616 | SMF support for RACF RVARY password protection enhancement (SETROPTS sub-keyword). |
| OA66065 | UJ94572 | When selecting a customizable alert the customizaton panel is not shown but we return back to the list of alerts. |
| OA65952 | UJ94488 | Incorrect reporting for RACF-VT-000010. |
| OA65837 | UJ94463 | CKG669I 24 Internal error in procedure CKGIRD. |
| OA65864 | UJ94400 | NEWLIST TYPE=SYSTEM fields not populated correctly because RACF DB information is not referenced. |
| OA65970 | UJ94378 | zSecure Audit might generate incorrect 'SMF subsystem-dependent settings' report. |
| OA65931 | UJ94369 | zSecure Audit might generate incomplete AS_DD, SENSDSN, and TRUSTED reports. |
| OA65833 | UJ94311 | Compliance controls do not use effective pre-selection for the ACF2_SENSRESOURCE_ACCESS newlist. |
| OA65618 | UJ94270 | Hyper-PAV alias address usage can result in incorrect audit concerns (false positives). |
| OA65817 | PE - See OA65931 | zSecure Audit might loop while processing Address Space DD names/Sensitive data set names reports. |
| OA65839 | UJ94240 | SDSFVaryDev sensitivity reported incorrectly for READ access. |
| OA65835 | UJ94156 | zSecure Audit might issue a MSGCKR0788. |
| OA65796 | UJ94146 | AU.R.S for single standard controls reports a version of question mark (?). |
| OA65689 | UJ94144 | Show differences report may show USERID(->) when comparing different RACF DBs. |
| OA65463 | UJ94140 | Activating Alert 1124 causes unnecessary processing of SMF records. |
| OA65769 | UJ94129 | PassTicket generation failure SMF record reported as success in SMF newlist. |
| OA65640 | UJ94121 | Incorrect non-compliant findings for RACF-ES-000240. |
| OA65779 | UJ94108 | SEC/INT APAR. |
| OA65541 | UJ94069 | Incorrect non-compliant findings for RACF-ES-000540 when CONTROL access is in effect. |
| OA65698 | UJ94046 | Lookup on select of a two-pass query with an Unload does not produce expected results. |
| OA65741 | UJ94043 | RE.K.S shows unprintable key labels with non-zero COUNT_DATASET_BACKUP values. |
| OA65682 | UJ93996 | zSecure issues MSGCKR0316 and MSGCKR0000 in cases where only a Top Secret license is enabled. |
| OA65639 | UJ93980 | SMF type 82 records might have an incomplete SAF resource name. |
| OA65641 | UJ93886 | SEC/INT APAR. |
| OA65434 | UJ93847 | Group-audit authority is not properly supported in restricted mode. |
| OA65612 | UJ93845 | CKFCOLL incorrectly determines ACF2 is the ESM if a task called ACF2 is running. |
| OA65469 | UJ93843 | When using ID MUST BE PRESENT in Access Monitor reports the generated CARLa code uses inefficient syntax. |
| OA65493 | UJ93749 | Emergency subsystem incorrectly reported as an NJE node by zSecure Audit. |
| OA65509 | UJ93733 | Abend 0C4-10 at offset 000374 in routine CKFIMS.CKFIMSA. |
| OA65444 | UJ93641 | z/OS STIG version 8.12 support in zSecure Audit. |
| OA65436 | UJ93640 | CKRCARLA incorrectly picking up old data set names from inactive CA1 DSNB records. |
| OA65342 | UJ93630 | zSecure MERGE function does not support PHRASEINT and generates invalid RACF commands. |
| OA65268 | UJ93585 | Records from CKXLOG logstreams might be assigned to incorrect COMPLEX if matching CKFREEZE for the SYSTEM is not available. |
| OA65186 | UJ93531 | Handle non-existent data set names in JES2 PROCLIB statements. |
| OA65178 | UJ93528 | Alerts 1214 and 1409 report on NAME field which is not available in the SMF records which trigger them. |
| OA65308 | UJ93491 | Incorrect non-compliant findings for RACF-ES-000850 when non-base segments exist. |
| OA65306 | UJ93464 | Japanese translation of the audit concern ID 1677. |
| OA65293 | UJ93391 | A CARLa report across many systems might be terminated early due to idle-client detection. |
| OA65118 | UJ93312 | Alert 1121 triggered incorrectly. |
| OA65141 | UJ93264 | CKRCARLA issues CKR1475 when running inside Access Monitor. |
| OA65179 | UJ93262 | Missing end of comment code in member C2RH@INS. |
| OA65110 | UJ93261 | zSecure Access Monitor reporting function might issue an ABEND0C4. |
| OA65146 | UJ93260 | Incorrect non-compliant findings for RACF-ES-000380. |
| OA65175 | UJ93235 | Receiving allocation error IKJ56228I at zSecure dialog startup for CKRCMD file. |
| OA65148 | UJ93228 | Add audit concern for UPDATE access to master catalog. |
| OA65184 | UJ93218 | SE.D.N error message when trying to change Menu Option back to zSecure Default. |
| OA65171 | UJ93193 | S878 or 80A when running zSecure within RACF-Offline session. |
| OA65137 | UJ93182 | Messages from RACF commands that are issued on remote CKNSERVE are not visible in local client. |
| OA65013 | UJ92966 | Running RA.3.G more than once in a single ISPF session results in CKR0391 errors. |
| OA65021 | UJ92964 | z/OS STIG version 8.11 support in zSecure Audit. |
| OA64881 | UJ92884 | PKCS12 format password omitted from generated RACDCERT ADD command. |
| OA64739 | UJ92870 | ACL indirect lookup query not returning results from CSDATA. |
| OA64563 | UJ92815 | CKR1483 12 Syslog message SYSSTAT has more than 1 line. |
| OA64782 | UJ92799 | zSecure Alert issues alert 1402 during standard SSHD recovery processing. |
| OA64829 | UJ92790 | Non-compliant findings for RACF-OS-000210 as DIGTCERT profiles do not have UACC=NONE. |
| OA64797 | UJ92769 | Print format RA.U with output options to show KERB segments fails with CKR0218. |
| OA64695 | UJ92647 | Performance improvement for SMF 1154-97 goal processing. |
| OA64718 | UJ92637 | Specifying "M" to email report from RESULTS panel truncates attachment sent. |
| OA64684 | UJ92629 | zSecure Admin/Audit might display an 'Unsupported type' message while using the IN.F function in interactive mode. |
| OA64698 | UJ92614 | CKR1508 24 CKRESRC.GETRESN empty resource name class JESINPUT. |
| OA64562 | UJ92424 | CKF0028 08 SVC 99 RC=12 DAIRFAIL code 035C 0002. |
| OA64509 | UJ92403 | Abend 0C4 in Access monitor STC in module C2PIORTN when collecting Unix data. |
| OA64504 | UJ92403 | AU.R.S results in CKR0425 12 Field "LIMIT" to be processed not valid for NEWLIST TYPE=COMPLIANCE at CKRCMDV line 4. |
| OA63932 | UJ92293 | Alert Verify fails with CKR0987 when specifying :destination.field for text message destination. |
| OA64158 | PE - See OA63932 | Alert 1411 does not report GROUP names used on the PERMIT command. |
| OA64304 | UJ92243 | Empty daily consolidation file on LPARs with few resources. |
| OA64401 | UJ92218 | zSecure version 2.5.0 SSE (February 2023). |
| OA64305 | UJ92215 | zSecure version 2.5.0 SSE (February 2023). |
| OA64225 | UJ92214 | zSecure version 2.5.0 SSE (February 2023). |
| OA64178 | UJ92039 | ABEND0C4-11 in CKFCOLL.HLLENQISGST+X'F8' during C2POLICE execution. |
| OA64085 | UJ92031 | Recreate of RACFVARS profile results in member lists being reversed. |
| OA63700 | UJ09748 | SEC/INT APAR. |
| OA64095 | UJ09724 | C2PACMON, C2POLICE, CKQEXSMF, and CKXLOG may abend during RESTART processing. |
| OA64080 | UJ09721 | ABEND0C4 in C2POLICE at end of CKRCARLA processing. |
| OA64069 | UJ09720 | TRUSTED newlist results in CKR0703 errors when multiple complexes are allocated. |
| OA64000 | UJ09704 | SHA2 related hash algorithms reported as SHA-224, SHA-256, SHA-384 and SHA-512 which does not match Comms Server IP. |
| OA63970 | UJ09702 | zSecure SMF reporting shows a TLS key exchange method of DHE-EC. |
| OA64070 | UJ09701 | zSecure Access Monitor might report incorrect use counts if the CONSOLIDATE command is used. |
| OA64053 | UJ09686 | High CPU in CKRVCONF processing catalog information from a CKFREEZE. |
| OA64009 | UJ09685 | CKF0002 04 LOCATE return code 8 on PROGxx LNKLST data set. |
| OA64013 | UJ09674 | CKR0529 12 Invalid ACCESS VALUE "CREATE ". |
| OA64056 | UJ09629 | zSecure ACF2 Nextkey expansion shows all rules. |
| OA63686 | UJ09584 | MSGCKR2216 received for multiple audit concerns applicable to the same UNIX file sensitivity type. |
| OA63882 | UJ09541 | CKR1952 24 CKRPUTV: Invalid element length for SRCIP. |
| OA63894 | UJ09533 | Error when attempting to "W"rite to a data set from the RESULTS screen. |
| OA63540 | UJ09479 | Incorrect results when using Access Monitor router exit (C2PRTY00) in combination with existing ICHRTX00. |
| OA63822 | UJ09447 | CKR0989 04 Unexpected word "A4CFG1)," at LPALST00 line 1 following application of APAR OA63769. |
| OA63868 | UJ09424 | CKR1483 error for alert 1306. |
| OA63844 | UJ09409 | Receiving "IRR421I ACEE modification detected" with C2POLICE. |
| OA63716 | UJ09363 | CKR0988 12 Syntax error when selecting all options on the zERT selection panels. |
| OA63769 | PE - See OA63822 | CKF0987 04 Syntax error: field name expected instead of dsname at ".),". |
| OA63698 | UJ09270 | CKFCOLL issues S0C4-11 for module CKFPDSE.TRCEIDR. |
| OA63751 | UJ09264 | ABEND0C4-10 in C2PUSC02. |
| OA63393 | UJ09263 | AM.U report panels show jobname unconditionally. |
| OA63753 | UJ09243 | z/VM V7.3 toleration. |
| OA63746 | UJ09238 | JOBTAG field not populated for CICS SMF type 110 records. |
| OA63748 | UJ09226 | STIG ACP00282 does not take into consideration profiles which are less generic than the MVS.START.STC.mmmmmmmm.ssssssss. |
| OA63677 | UJ09162 | Fix pack for IBM Z Security and Compliance Center 1.1 support. |
| OA63649 | UJ09128 | C2POLICE might show CKRCARLA ENQ issues for CKFREEZE file. |
| OA63696 | UJ09115 | Incorrect non-compliant findings for ruleset ZCIC0040. |
| OA63637 | UJ09015 | Improve error messages for missing SCKACUST/SCKACUSV product libraries. |
| OA63644 | UJ09011 | Refresh of Alert configuration fails with "Not authorized for ULOG". |
| OA63666 | UJ09095 | ABEND0C4 in CKRGEVL. |
| OA63093 | UJ08952 | Using DEVICE_CLASS=DASD still results in tape devices being read. |
| OA63542 | UJ08862 | RA.5.1 selection from "Other fields" panel overwrites previous selection. |
| OA63471 | UJ08855 | When an ALLOC statement has TYPE=RACF but the dataset allocated is a zSecure Unload, an ABEND0C1 occurs. |
| OA63515 | UJ08854 | Abend 0C4-04 in routine CKRLIST.#A@CLC while processing JFCB information in a CKFREEZE. |
| OA63536 | UJ08835 | SEC/INT APAR. |
| OA63226 | UJ08796 | SEC/INT APAR. |
| OA63454 | UJ08794 | Specification of OPTION EMPTYLIST=HIDE prevents NEWLIST EMPTYLIST='XXXX' from being effective. |
| OA63382 | UJ08788 | Recovery/retry in program calls C2PUSCPC and C2PSMFPC fails for some abends. |
| OA63159 | UJ08771 | Alert 1125 trigger conditions incorrect. |
| OA63135 | UJ08719 | CKGRACF CMD COMPLETE DENY does not change the status of the queued ASK command. |
| OA63225 | UJ08663 | SVC scan incorrectly detects SVC 222 in IBM SVCs on ACF2 system. |
| OA63085 | UJ08626 | RE.F.M selection from "Other fields" panel overwrites previous selection. |
| OA63358 | UJ08625 | CKF0305 08 BPX1CHD failed rc=000000A4 reason=EDF66220. |
| OA63372 | UJ08616 | Support for RACF/SAF APARs OA61951 and OA61952 for phrase interval display and management. |
| OA63366 | UJ08601 | zSecure version 2.5.0 SSE (May 2022) - Adapters for SIEM - TSS. |
| OA63352 | UJ08589 | zSecure version 2.5.0 SSE (May 2022) - Audit for TSS. |
| OA63353 | UJ08588 | zSecure version 2.5.0 SSE (May 2022) - Adapters for SIEM - RACF. |
| OA63338 | UJ08576 | zSecure version 2.5.0 SSE (May 2022) - Audit for RACF. |
| OA63333 | UJ08572 | zSecure version 2.5.0 SSE (May 2022). |
| OA63332 | UJ08571 | zSecure version 2.5.0 SSE (May 2022). |
| OA63110 | UJ08499 | ABEND0C4 in C2PRTY00 - the SAF router exit for PROGRAM class. |
| OA62611 | UJ08431 | RA.2 - When trying to delete a PR command the error message is confusing. |
| OA63114 | UJ08331 | CKR0286 messages issued for SENSDSN reporting. |
| OA63173 | UJ08291 | zSecure version 2.5.0 SSE (May 2022). |
| OA62936 | UJ08272 | CKX216E IXGWRITE Failed, RC=00000008-00000806. |
| OA63092 | UJ08219 | New function to provide support for IBM CICS Transaction Server V6R1. |
| OA62484 | UJ08196 | CKF0000 04 Control block hcct omitted because of protection exception. |
| OA62896 | UJ08096 | Flag for expired passphrase not available from RA.U summary display. |
| OA62982 | UJ08018 | CKR0981 and CKR0983 if PROGxx contains an EXIT DELETE statement. |
| OA62803 | UJ07997 | Enhancement to cater for remote syslog devices that break newly established TCP connections. |
| OA62912 | UJ07993 | DSN_MEMBER fields LAST_CHANGE and LAST_CHANGE_USERID empty for PDS members. |
| OA62914 | UJ07987 | CKF0588 08 system abend 0C4-11 (invalid storage address - page) accessing OMVS kernel address space OMVS ASID 0010. |
| OA62821 | UJ07987 | CKF0592 error messages when running CKFCOLL. |
| OA62862 | UJ07911 | ID lookup from ACL field to a target field in a non-BASE segment produces no output when indexed I/O is used to read a RACF DB. |
| OA62514 | UJ07910 | C2POLICE reports error messages CKR0213 and CKF0178. |
| OA62745 | UJ07706 | Message CKR3215 issued if a dsn member allocation exceeds 44 characters. |
| OA62761 | UJ07689 | C2PACMON abend recovery does not remove UNIX exit routines. |
| OA62663 | UJ07645 | Collect started task may be automatically started by C2POLICE when Option CollectTime(0000) is set. |
| OA62694 | UJ07612 | When omitting explicit complex names on ALLOC statements, matching CKFREEZE files are not automatically provided. |
| OA62593 | UJ07594 | CKR0304, CKR0307, CKR0308 and CKR0311 messages seen when CA1 TMC data set migration info in a CKFREEZE is processed via CKNSERVE. |
| OA62572 | UJ07587 | Print format of RA.U/G/R/D with "Shows differences" does not report the differences. |
| OA62634 | UJ07580 | IRR421I ACEE MODIFICATION DETECTED FOR C2POLICE. |
| OA62592 | UJ07481 | CKR1483 error for alert 1401 for RACF rename DACCESS violation. |
| OA62474 | PE - See OA62745 | System symbols not resolved prior to CKRCARLA obtaining ENQ. |
| OA60881 | UJ07446 | TRUSTED newlist shows user ID has access to a data set, even when it has PERMIT AC(NONE). |
| OA62454 | UJ07411 | CKF0991 16 Unexpected UNIT pointer 00000000. 000A0000 * . * in CKFMAIN.CONTEXT - user abend 991. |
| OA62470 | UJ07261 | Panelid C2RP3SI2 does not account for PFKeys and Swapbar. |
| OA62481 | PE - See OA62634 | IRR421I ACEE modification detected for C2POLICE. |
| OA62292 | UJ07204 | zSecure 2.5.0 post-GA update (December 2021). |
| OA62480 | UJ07185 | Modify CKGRACF to ease interfacing with password synchronization tools. |
| OA62440 | UJ07181 | CONVERT to SMFTIME or SMFTIMESTAMP does not work correctly in print mode (SUMMARY). |
| OA62359 | UJ07160 | ABEND0C4-11 in CKR8Z12 occasionally seen in CKNSERVE. |
| OA61790 | UJ07152 | The C2PCBLD procedure does not substitute the C2POLICE variable used in a custom alert skeleton. |
| OA62395 | UJ07126 | CKRZPOST tries to copy members which no longer exist. |
| OA62411 | UJ07090 | zSecure Audit might ABEND0C7 while processing various reports which refer to CICS related data stored in a CKFREEZE data set. |
| OA62377 | UJ06994 | RECORDDESC for SMF type 119(70) does not report AT-TLS. |
| OA62340 | UJ06950 | Certificate related sensitivity types not reported when DIGTCERT class is inactive. |
| OA62303 | PE - See OA62411 | TRUSTED report does not correctly reflect protection with ACF2/CICS. |
| OA62236 | UJ06844 | RACF SMF TYPE=80 events with a missing CLASS do not result in a LEEF record being generated. |
| OA62249 | UJ06826 | Detail missing from RECORDDESC field for ACCESS events. |
| OA61208 | UJ06652 | zSecure version 2.5.0 RBP update (September 2021). |
| OA62111 | UJ06651 | zSecure version 2.5.0 RBP update (September 2021). |
| OA61867 | UJ06160 | zSecure version 2.5.0 RBP update (July 2021). |
| OA61865 | UJ06156 | zSecure version 2.5.0 RBP update (July 2021). |
| OA61322 | UJ06156 | Support for RACF databases in VSAM format. |
| OA61665 | UJ05924 | zSecure version 2.5.0 RBP update (June 2021). |
| OA61421 | UJ05576 | zSecure version 2.5.0 RBP update (May 2021). |
| OA61401 | UJ05574 | zSecure version 2.5.0 RBP update (May 2021). |
| OA61420 | UJ05573 | zSecure version 2.5.0 Release Beta Program (RBP) update (May 2021). |
| OA61308 | UJ05374 | z/OS 2.5 compatibility. |
Additional information | ||
| N/A | ||
[{"Type":"MASTER","Line of Business":{"code":"LOB70","label":"Z TPS"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"ARM Category":[{"code":"a8m0z000000bm5wAAA","label":"zSecure Admin"}],"ARM Case Number":"","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"2.5.0;3.1.0"},{"Type":"MASTER","Line of Business":{"code":"LOB70","label":"Z TPS"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SST66D","label":"IBM zSecure Admin"},"ARM Category":[{"code":"a8m0z000000GoZvAAK","label":"zSecure Admin-\u003EInstallation \/ Configuration \/ Upgrade \/ Usage \/ Planning"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"3.2.0"}]
Was this topic helpful?
Document Information
Modified date:
19 November 2025
UID
swg27010596