IBM Health Checker for z/OS User's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


VSM_ALLOWUSERKEYCSA

IBM Health Checker for z/OS User's Guide
SC23-6843-02

Start of change
Description:
This check examines the setting of the ALLOWUSERKEYCSA(YES|NO) DIAGxx option and compares it to the IBM® recommended setting of ALLOWUSERKEYCSA(NO). A warning is issued if the setting is YES.
Reason for check:
Allowing programs to obtain user key CSA creates a security risk because CSA storage can then be modified by any unauthorized program. IBM recommends that ALLOWERUSERKEYCSA(NO) be coded in the active DIAGxx parmlib member.
Note: Coding ALLOWUSERKEYCSA(NO) for this option will cause user key programs attempting to obtain CSA storage to ABEND with abend code B78, reason code xxxxxx5C. (The first three bytes of the reason code provide internal failure details.) The default setting for this option is ALLOWUSERKEYCSA(NO).
z/OS® releases the check applies to:
z/OS V1R4 and later.
Parameters accepted:
No.
User override of IBM values:
The following shows keywords you can use to override check values on either a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. This statement may be copied and modified to override the check defaults:
UPDATE,
CHECK(IBMVSM,VSM_ALLOWUSERKEYCSA),
ACTIVE,
INTERVAL(ONETIME),
SEVERITY(LOW),
DATE('20060201'),
Reference:
No
Messages:
This check issues the following exception messages:
  • IGVH110E
See the IGVH messages in z/OS MVS System Messages, Vol 9 (IGF-IWM).
SECLABEL recommended for multilevel security users:
SYSLOW - see z/OS Planning for Multilevel Security and the Common Criteria for information on using SECLABELs.
Parent topic: VSM checks (IBMVSM)
End of change

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014