← Back to z/OS CL/SuperSession for TSS Security Technical Implementation Guide

V-224653

CAT II (Medium)

CL/SuperSession Started Task name is not properly identified/defined to the system ACP.

Rule ID

SV-224653r1145875_rule

STIG

z/OS CL/SuperSession for TSS Security Technical Implementation Guide

Version

V7R2

CCIs

CCI-000764

Discussion

CL/SuperSession requires a started task that will be restricted to certain resources, data sets, and other system functions. Defining the started task as a userid to the system ACP allows the ACP to control the access and authorized users that require these capabilities. Failure to properly control these capabilities could compromise the operating system environment, ACP, and customer data.

Check Content

Refer to the following report produced by the TSS Data Collection:

- TSSCMDS.RPT(@ACIDS).

Review the CL/SuperSession STC/Batch ACID(s). If the following attributes are defined, this is not a finding.

FACILITY(STC, BATCH)
PASSWORD(xxxxxxxx,0)
SOURCE(INTRDR)
NOSUSPEND
MASTFAC(KLS)

Fix Text

The Systems Programmer and ISSO will ensure that the started task for CL/SuperSession is properly defined.

Review all session manager security parameters and control options for compliance. Develop a plan of action and implement the changes as specified.

Define the started task userid KLS for CL/SuperSession.

Example:

TSS CRE(KLS) DEPT(Dept) NAME('CL/SuperSession STC') -
  FAC(STC) MASTFAC(KLS) PASSWORD(password,0) -
  SOURCE(INTRDR) NOSUSPEND