CL/SuperSessions Resouce Class must be defined or active in the ACP.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-224467 | ZCLSR038 | SV-224467r987853_rule | Medium |
| Description |
| Failure to use a robust ACP to control a product could compromise the integrity and availability of the MVS operating system and user data. |
| STIG | Date |
| z/OS CL/SuperSession for RACF Security Technical Implementation Guide | 2024-12-16 |
Details
| Check Text (C-26144r952253_chk) |
| Refer to the following report produced by the RACF Data Collection: - RACFCMDS.RPT(SETROPTS) Automated Analysis (Currently there is no automation for version 3 of CL/SuperSession) Refer to the following report produced by the RACF Data Collection: - PDI(ZCLSR038) If the CL/SuperSession resource class(es) is (are) active, this is not a finding. |
| Fix Text (F-26132r952254_fix) |
| Ensure that the CL/SuperSession Resource Class(es) is (are) active. The SYS3.OMEGAMON.qualifier.RLSPARM(KLKINNAM) member for Version 3 of CL/Supersession or the SYS3.OMEGAMON.qualifier.RLSPARM(KLVINNAM) member for version 2 of CL/Superssion contains a "CLASSES=" entry, this entry identifies the member that contains the "VGWAPLST EXTERNAL=" entry. The "VGWAPLST EXTERNAL=" entry identifies the resource class that is used by CL/SuperSession and this resource class will be active. Current guidance identifies that APPL is the resource class identified in the above location. Use the following commands as an example: SETROPTS CLASSACT(APPL) |