A fix is available
APAR status
Closed as new function.
Error description
ACF2 data set related STIG controls SSE for zSecure Audit for ACF2
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of zSecure Audit for ACF2 Compliance * * Testing Framework. * **************************************************************** * PROBLEM DESCRIPTION: New STIG compliance rules for zSecure * * Audit for ACF2 Compliance Testing * * Framework. * **************************************************************** * RECOMMENDATION: Apply the PTF provided and review the * * published documentation updates. * **************************************************************** The zSecure Audit for ACF2 Compliance Testing Framework is extended with the following STIG compliance rules: - ACP00010: Restrict WRITE, ALLOC, and READ access to SYS1.PARMLIB. - ACP00020: Restrict WRITE and ALLOC access to SYS1.LINKLIB. - ACP00030: Restrict WRITE and ALLOC access to SYS1.SVCLIB. - ACP00040: Restrict WRITE and ALLOC access to SYS1.IMAGELIB. - ACP00050: Restrict WRITE and ALLOC access to SYS1.LPALIB. - ACP00060: Restrict WRITE and ALLOC access to APF authorized libraries. - ACP00070: Restrict WRITE and ALLOC access to LPA libraries. - ACP00080: Restrict WRITE and ALLOC access to SYS1.NUCLEUS - ACP00110: Restrict WRITE and ALLOC access to LINKLIST libraries. - ACP00120: Restrict WRITE, ALLOC, and READ access to ACP data sets. - ACP00130: Restrict WRITE and ALLOC access to the Master Catalog. - ACP00135: Restrict ALLOC access to User Catalogs. - ACP00150: Restrict WRITE and ALLOC access to JES system data sets. - ACP00170: Restrict WRITE, ALLOC, and READ access to SYS1.UADS. - ACP00180: Restrict WRITE and ALLOC access to SMF libraries. - ACP00230: Restrict WRITE, ALLOC, and READ access to Page data sets. - ACP00250: Restrict WRITE and ALLOC access to system STC and TSO procedures. - ACF00395: Use specified cryptography to protect passwords and password phrases.
Problem conclusion
Temporary fix
Comments
zSecure Audit for ACF2 Compliance Testing Framework has been extended to support new STIG data set related compliance rules. PLEASE NOTE the documentation updates and enhancements can be found as the TechNotes at the following locations: http://www.ibm.com/support/docview.wss?uid=swg21692978 http://www.ibm.com/support/docview.wss?uid=swg22005447
APAR Information
APAR number
OA52753
Reported component name
ZSEC BASE,ADMIN
Reported component ID
5655T0100
Reported release
221
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-05-05
Closed date
2017-06-30
Last modified date
2017-08-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UA92494
Modules/Macros
CKADSTD CKAFDEFA CKAIRULE CKALSTD CKAOUCMP CKAOUSEN CKRACT CKRACTQ CKRDBGS CKRINLT CKRINMO CKRINPL CKRINPO CKRINPZ CKROBJ CKROUNIT C2R3AY0K C2R3AY0L C2R3AY0M C2R3AY0N C2R3EC0B C2R3EC0C C2R3EC0E C2R3EC0T C2R3EC0U C2R3EC06 C2R3EC08 C2R3ES06 C2R3ES08 GKRACT GKRACTQ GKRDBGS GKRFDEFA GKRINLT GKRINMO GKRINPL GKRINPO GKRINPZ GKROBJ GKROUCMP GKROUNIT GKROUSEN
Fix information
Fixed component name
ZSEC BASE,ADMIN
Fixed component ID
5655T0100
Applicable component levels
R221 PSY UA92494
UP17/07/04 P F707
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"221","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
16 August 2024