OA65942: STIG CONTROLS REPORT INCORRECT RESULTS WITH CL/SUPERSESSION 3.1

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• STIG controls report incorrect results with CL/Supersession 3.1.
  
  When running IBM CL/Supersession 3.1, the zSecure rule-based
  compliance evaluation (AU.R) STIG controls (ZCLS*) do not
  recognise that CL/Supersession is running, and do not check the
  correct TLVPARM members, as the member name prefix changed from
  KLV to KLK.
  

Local fix

• N/A
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: Users of zSecure Audit exploiting compliance *
  *                 controls which check IBM CL/SuperSession     *
  *                 settings (zSecure compliance controls in the *
  *                 ZCLS category).                              *
  ****************************************************************
  * PROBLEM DESCRIPTION: zSecure Audit might not detect the      *
  *                      activity status of the IBM              *
  *                      CL/SuperSession properly resulting in   *
  *                      incorrect compliance reports in ZCLS    *
  *                      category.                               *
  ****************************************************************
  * RECOMMENDATION: Apply the PTF provided and review the        *
  *                 documentation updates.                       *
  ****************************************************************
  IBM CL/SuperSession V3.1 data is not processed properly by
  zSecure Audit resulting in incorrect compliance reports in ZCLS
  category (no objects are tested) since IBM CL/SuperSession
  Engine elements have been renamed from KLVxxxxx and KLUxxxxx to
  KLKxxxxx and KLJxxxxx.
  

Problem conclusion

• zSecure Audit has been modified, so that compliance controls in
  the ZCLS category deliver proper results for IBM CL/SuperSession
  V3.1. Please note the documentation updates as provided by the
  APAR tracking comment data.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UJ94642 UJ94643

Modules/Macros

• C2R3NM08 C2R3NM09 C2R3NM0A C2R3NM0O C2R3NM0P C2R3NM0Q C2R3NM0R
  C2R3NM0S CKASEND  CKFAS    CKRCKFIN GKRCKFIN GKRSEND
  

Fix information

• Fixed component name

  ZSEC BASE,ADMIN

• Fixed component ID

  5655T0100

Applicable component levels

• R250 PSY UJ94643

     UP24/02/15 P F402

• R310 PSY UJ94642

     UP24/02/15 P F402

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.