IBM Support

Further Automation Of DISA STIG Resource Controls And Other Enhancements (OA59004, OA59006)

News


Abstract

This document describes the documentation updates as a result of the Service Stream Enhancement (SSE; OA59004, OA59006). This SSE provides many new automatically determined sensitivity types.

Incompatibility warnings with regard to the removal of BMC_MAINVIEW_STC and the renaming of sensitivity type DspSysCfg (to SDSFAppInfo) are documented in the PDF files with the documentation updates for this SSE.

Content

The following DISA STIG RACF resource controls were automated further:
Table 1. Further automated resource controls
image-20200407153747-3
Note: Some of these resource controls require a SIMULATE SUBSYS command to be issued. For more information, see the following sections:
• zSecure (Admin and) Audit User Reference Manuals: section "Simulating an active subsystem".
• zSecure CARLa Command Reference, SUBSYS security_options in section "SIMULATE".
In addition, several other controls were also updated, corresponding with the following members:
image-20200407153629-1
Aside from the updated controls, the following enhancements were made for this zSecure V2.4.0 SSE:
  • ACF2 access list processing has been revised to improve performance. This is most notable in the ACF2_SENSDSN_ACCESS report type, which is used in a fair number of ACF2 STIG data set controls. It also affects AS_DD, all DB2_* report types, and ACF2_SENSRESOURCE_ACCESS.
  • The sensitive data sets reports now show more data set sensitivities; a few additional enhancements have also been made.
  • Enhancements to the internal resource sensitivity knowledge bases result in more records being reported in report type RESOURCE. Even more additional records might be reported by TRUSTED processing, because of the recursive nature of this report type.
  • More CA 1-specific settings are reported in the Tape protection reports.
  • A WTO is issued with routing code 9 when real-time security event monitoring starts in CKQRADAR, at the time that message CKR0450 is written to SYSPRINT. The messages reporting on SMF cache processing have been improved and streamlined in connection with RESTART processing.
  • New output format DEC$DIGITS enables printing decimal numbers with leading zeroes.
  • Adjustable return code for CKR1322.
  • Several enhancements to the DEBUG command for serviceability.
All the documentation updates apply to zSecure V2.4.0. The updates for each of the affected publications are provided through separate PDF files. These PDF files are available in the IBM Security zSecure Suite Library Version 2.4.0:
Notes:

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"ARM Category":[{"code":"a8m500000008ZPYAA2","label":"zSecure"}],"ARM Case Number":"","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"V2.4.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPN95","label":"IBM Security zSecure Audit"},"ARM Category":[{"code":"a8m500000008ZPYAA2","label":"zSecure"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"V2.4.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSCHPT","label":"IBM Security zSecure Adapters for SIEM"},"ARM Category":[],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"V2.4.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 April 2020

UID

ibm11288648

Page Feedback