CL/SuperSessions Resouce Class must be defined or active in the ACP.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-224467 | ZCLSR038 | SV-224467r987853_rule | CCI-000336 | medium |
| Description | ||||
| Failure to use a robust ACP to control a product could compromise the integrity and availability of the MVS operating system and user data. | ||||
| STIG | Date | |||
| z/OS CL/SuperSession for RACF Security Technical Implementation Guide | 2024-12-16 | |||
Details
Check Text (C-224467r987853_chk)
Refer to the following report produced by the RACF Data Collection:
- RACFCMDS.RPT(SETROPTS)
Automated Analysis (Currently there is no automation for version 3 of CL/SuperSession)
Refer to the following report produced by the RACF Data Collection:
- PDI(ZCLSR038)
If the CL/SuperSession resource class(es) is (are) active, this is not a finding.
Fix Text (F-26132r952254_fix)
Ensure that the CL/SuperSession Resource Class(es) is (are) active. The SYS3.OMEGAMON.qualifier.RLSPARM(KLKINNAM) member for Version 3 of CL/Supersession or the SYS3.OMEGAMON.qualifier.RLSPARM(KLVINNAM) member for version 2 of CL/Superssion contains a "CLASSES=" entry, this entry identifies the member that contains the "VGWAPLST EXTERNAL=" entry. The "VGWAPLST EXTERNAL=" entry identifies the resource class that is used by CL/SuperSession and this resource class will be active. Current guidance identifies that APPL is the resource class identified in the above location.
Use the following commands as an example:
SETROPTS CLASSACT(APPL)