IBM Support

IBM Security zSecure Service Stream Enhancement: MQ auditing, Command Audit Trail, compliance automation, and other enhancements (APAR numbers OA59807, OA59823, OA59861, and OA59862)

News


Abstract

This document describes the documentation updates as a result of the Service Stream Enhancement (SSE) for MQ auditing, compliance automation, Command Audit Trail, and other enhancements (APAR numbers OA59807, OA59823, OA59861, and OA59862).

Content

The following enhancements were made for this zSecure V2.4.0 SSE:
  • MQ auditing:
    • New report types:
      • MQ_AUTHINFO to report on MQ authentication information objects.
      • MQ_CHLAUTH to report on MQ channel authentication records.
    • The MQ_REGION reports show the following:
      • Authentication information object for user ID and password authentication.
      • Certificates that the queue manager and queue sharing group use.
      • Presence of various switch profiles.
    • The MQ_CHANNEL report type identifies the security exit and the user data that is passed to it, as well as the channel's certification label.
    • The disposition of inbound transmissions has been added to the MQ_INIT reports.
  • STIG controls:
    • Automation of more STIG controls: 17 for RACF, 8 for ACF2, and 8 for Top Secret.
    • Equivalents of STIG controls RACF0570 and RACF0580 that allow for password phrases in addition to passwords are provided in the zSecure Extra standard.
    • General improvements for checking general access and logging requirements.
  • Command Verifier:
    • Various enhancements have been made to the Command Audit Trail.
    • Multiple commands can now be specified in a pre-command or post-command policy profile.
  • Selection on audit and global audit settings are added to the RA.D and RA.R menu options.
  • Db2 102 IFCid 106 events (Security parameters at start-up/reload) are now sent to IBM QRadar SIEM and Micro Focus ArcSight.
  • Performance improvements are made for ACF2 TRUSTED reporting.
  • ICSF settings are added to the IPL parameters report.
  • Automatic sensitivities are added, for example, for inaccessible LPA or linklist libraries.
  • New fields FALLBACK_DATASET and FALLBACK_DATASET_VOLSER are added to the SENSDSN report type to identify secondary, duplex, or backup RACF data sets.
The documentation updates apply to zSecure V2.4.0. Each of the following links includes a PDF file with the updates for the subject publication:
Notes:
  • The revision bars in the margin indicate updates since publication of the zSecure Service Stream Enhancement (SSE) for Further Automation Of DISA STIG Resource Controls And Other Enhancements (OA59004, OA59006) on April 11, 2020.
  • Referenced or linked topics that have not changed are not included in this document. You can find them in the publication that the chapter applies to.
  • The zSecure (Admin and) Audit User Reference Manuals and the zSecure CARLa Command Reference are available to licensed clients only. To access the zSecure V2.4.0 licensed documentation, sign in to the IBM Security zSecure Suite Library with your IBM ID and password. If you do not see the licensed documentation, your IBM ID is probably not yet registered. Send a mail to zDoc@nl.ibm.com to register your IBM ID.
Incompatibility warnings

STIG members renamed for controls AAMV0410 and AAMV0420
Original member name Renamed for RACF systems Renamed for ACF2 systems Renamed for Top Secret systems
C2RGM410 CKAGM410 C2AGM410 CKTGM410
C2RGM420 CKAGM420 C2AGM420 CKTGM420
Multiline mixed SBCS/DBCS strings
With previous versions of CARLa and CKGRACF, within a string literal crossing a line boundary, if a line ended with a shift-in (SI) character and an optional space, and if the next line started with a shift-out (SO) character, the SI character, optional space, and SO character were trimmed away by the parser. This trimming behavior has been extended as follows.

Within a string literal crossing a line boundary, if a continuation line starts with an SO character, optionally preceded by Single-byte Character Set (SBCS) space characters, lines immediately preceding this line are trimmed away if they entirely consist of SBCS spaces. Trailing SBCS spaces in the line before these blank lines, if any, are trimmed away as well. If the trimmed line ends with an SI character and the continuation line starts with an SO character, these SI and SO characters are trimmed away, too.
Double-byte Character Set (DBCS) space characters are typically used for non-Roman character languages, like Japanese.

For more information, see section "Syntax rules" in zSecure CARLa Command Reference.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"ARM Category":[{"code":"a8m0z000000GoZlAAK","label":"zSecure Admin->Documentation"}],"ARM Case Number":"","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"2.4.0","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPN95","label":"IBM Security zSecure Audit"},"ARM Category":[{"code":"a8m0z000000GoYsAAK","label":"zSecure Audit->Documentation"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"2.4.0","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRM9V","label":"IBM Security zSecure Command Verifier"},"ARM Category":[{"code":"a8m0z000000bm8NAAQ","label":"zSecure Command Verifier->Documentation"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"2.4.0","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSCHPT","label":"IBM Security zSecure Adapters for SIEM"},"ARM Category":[{"code":"a8m0z000000GoWNAA0","label":"zSecure Data Preparation for SIEM->Documentation"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"2.4.0","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

zSecure

Document Information

Modified date:
05 October 2020

UID

ibm16241394

Page Feedback