A fix is available
APAR status
Closed as program error.
Error description
STIG ACP00282 does not take into consideration profiles which are less generic than MVS.START.STC.mmmmmmmm.ssssssss. It is expected that zSecure will examine any profile that should cover a resource, for example MVS.START.STC.mbrname.jobname. However, zSecure does not take into account profiles which are more specific than the generic MVS.START.STC.** profile. zSecure should take the less generic profiles into consideration when performing the compliance check in order to find profiles that are not compliant.
Local fix
N/A
Problem summary
USERS AFFECTED: Users of zSecure Audit exploiting the STIG ACP00282 compliance rule set and newlist type RESOURCE.
PROBLEM DESCRIPTION: zSecure Audit RACF STIG compliance rule set ACP00282 (z/OS system operator commands must be protected properly) might generate incorrect results. Newlist type RESOURCE might incorrectly report the RACF profile (field RACF_PROFILE) that covers resources in the OPERCMDS class.
RECOMMENDATION: Apply the PTF provided.
zSecure Audit does not take the most specific generic RACF profiles protecting resources in the OPERCMDS class into account. This results in incorrect compliance reports from the STIG ACP00282 compliance rule set and an incorrect RACF profile reported by newlist type RESOURCE.
Problem conclusion
zSecure Audit has been modified so that it correctly processes the most specific generic RACF profiles protecting resources in the OPERCMDS class. As a result, the ACP00282 compliance rule set produces correct results, and newlist type RESOURCE displays the correct RACF profile protecting resources in the OPERCMDS class.
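The selection described above, as an added example (a simplified model written for this page, not IBM or zSecure code): among the generic OPERCMDS profiles that match a resource, the compliance test is applied to the most specific one instead of stopping at MVS.START.STC.**. The profile names, UACC values, the UACC(NONE) criterion and the left-to-right specificity ordering are assumptions for illustration; discrete profiles, RACFVARS and a trailing single `*` are not modelled.

```python
import re

# Constructed OPERCMDS profiles -> UACC (sample data, not from any real system).
PROFILES = {
    "MVS.START.STC.**": "NONE",
    "MVS.START.STC.PAYROLL.**": "READ",
    "MVS.START.STC.*.PAYJOB": "NONE",
}
RANK = {"%": 1, "*": 2, "**": 3}  # assumed ordering: literal < % < * < **

def _qual_match(pat, qual):
    # Within one qualifier: % = exactly one character, * = any run of characters.
    rx = "".join("[^.]" if c == "%" else "[^.]*" if c == "*" else re.escape(c)
                 for c in pat)
    return re.fullmatch(rx, qual) is not None

def _match(pats, quals):
    if not pats:
        return not quals
    if pats[0] == "**":  # zero or more whole qualifiers
        return any(_match(pats[1:], quals[i:]) for i in range(len(quals) + 1))
    return (bool(quals) and _qual_match(pats[0], quals[0])
            and _match(pats[1:], quals[1:]))

def matches(profile, resource):
    return _match(profile.split("."), resource.split("."))

def specificity_key(profile):
    # Compare left to right; a literal character outranks any generic one.
    return [(RANK.get(t, 0), t) for t in re.findall(r"\*\*|.", profile)]

def covering_profile(resource, profiles=PROFILES):
    hits = [p for p in profiles if matches(p, resource)]
    return min(hits, key=specificity_key) if hits else None

def compliant(resource, profiles=PROFILES):
    # Stand-in criterion (UACC NONE), evaluated on the covering profile only.
    prof = covering_profile(resource, profiles)
    return prof is not None and profiles[prof] == "NONE"

if __name__ == "__main__":
    for res in ("MVS.START.STC.PAYROLL.PAYJOB", "MVS.START.STC.LEDGER.PAYJOB",
                "MVS.START.STC.LEDGER.NIGHTLY"):
        print(res, covering_profile(res), compliant(res))
```

In this sample a check that looked only at MVS.START.STC.** would pass MVS.START.STC.PAYROLL.PAYJOB, while the covering profile MVS.START.STC.PAYROLL.** fails the stand-in criterion.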
Temporary fix
Comments
APAR Information
APAR number
OA63748
Reported component name
ZSEC BASE,ADMIN
Reported component ID
5655T0100
Reported release
250
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-09-14
Closed date
2022-09-15
Last modified date
2022-10-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UJ09226
Modules/Macros
CKACFEA CKADQRZ CKAGSENS CKASENI CKASERI CKRESRC CKRINPM CKRMAIN CKRVERIF GKRCFEA GKRESRC GKRGSENS GKRINPM GKRMAIN GKRSENI GKRSERI GKRVERIF
Fix information
Fixed component name
ZSEC BASE,ADMIN
Fixed component ID
5655T0100
Applicable component levels
R250 PSY UJ09226
UP22/09/17 P F209
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
03 October 2022