A fix is available
APAR status
Closed as new function.
Error description
ACF2 data set related STIG controls SSE for zSecure Audit for ACF2
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of zSecure Audit for ACF2 Compliance * * Testing Framework. * **************************************************************** * PROBLEM DESCRIPTION: New STIG compliance rules for zSecure * * Audit for ACF2 Compliance Testing * * Framework. * **************************************************************** * RECOMMENDATION: Apply the PTF provided and review the * * published documentation updates. * **************************************************************** The zSecure Audit for ACF2 Compliance Testing Framework is extended with the following STIG compliance rules: - ACP00010: Restrict WRITE, ALLOC, and READ access to SYS1.PARMLIB. - ACP00020: Restrict WRITE and ALLOC access to SYS1.LINKLIB. - ACP00030: Restrict WRITE and ALLOC access to SYS1.SVCLIB. - ACP00040: Restrict WRITE and ALLOC access to SYS1.IMAGELIB. - ACP00050: Restrict WRITE and ALLOC access to SYS1.LPALIB. - ACP00060: Restrict WRITE and ALLOC access to APF authorized libraries. - ACP00070: Restrict WRITE and ALLOC access to LPA libraries. - ACP00080: Restrict WRITE and ALLOC access to SYS1.NUCLEUS - ACP00110: Restrict WRITE and ALLOC access to LINKLIST libraries. - ACP00120: Restrict WRITE, ALLOC, and READ access to ACP data sets. - ACP00130: Restrict WRITE and ALLOC access to the Master Catalog. - ACP00135: Restrict ALLOC access to User Catalogs. - ACP00150: Restrict WRITE and ALLOC access to JES system data sets. - ACP00170: Restrict WRITE, ALLOC, and READ access to SYS1.UADS. - ACP00180: Restrict WRITE and ALLOC access to SMF libraries. - ACP00230: Restrict WRITE, ALLOC, and READ access to Page data sets. - ACP00250: Restrict WRITE and ALLOC access to system STC and TSO procedures. - ACF00395: Use specified cryptography to protect passwords and password phrases.
Problem conclusion
Temporary fix
Comments
zSecure Audit for ACF2 Compliance Testing Framework has been extended to support new STIG data set related compliance rules. PLEASE NOTE the documentation updates and enhancements can be found as the TechNotes at the following locations: http://www.ibm.com/support/docview.wss?uid=swg21692978 http://www.ibm.com/support/docview.wss?uid=swg22005447
APAR Information
APAR number
OA52751
Reported component name
AUDIT-R,A,T ACF
Reported component ID
5655T0200
Reported release
221
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-05-05
Closed date
2017-06-30
Last modified date
2017-08-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
OA52753 UA92493
Modules/Macros
C2AFDEF C2AG@6 C2AGA395 C2AGC010 C2AGC020 C2AGC030 C2AGC040 C2AGC050 C2AGC060 C2AGC070 C2AGC080 C2AGC110 C2AGC120 C2AGC130 C2AGC135 C2AGC150 C2AGC170 C2AGC180 C2AGC230 C2AGC250 C2AIAYLA C2AIAYLR C2AIAYLW C2AIAYP1 C2ARULE C2ASTR GKAFDEF GKARULE GKASTR
Fix information
Fixed component name
AUDIT-R,A,T ACF
Fixed component ID
5655T0200
Applicable component levels
R221 PSY UA92493
UP17/07/04 P F707
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRQGZ","label":"IBM Security zSecure Audit for ACF2"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"221","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 August 2017