Rule ID
SV-224282r1141407_rule
Version
V7R2
Product configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, and compromise the confidentiality of customer data.
The following steps are necessary for reviewing the CL/SuperSession options: Request online access from the site administrator to view CL/SuperSession parameter settings. Once access to the CL/SuperSession Main Menu has been obtained, select the option for the ADMINISTRATOR menu. From the ADMINISTRATOR menu, select the option for the PROFILE SELECTION menu. From the PROFILE SELECTION menu, select the View GLOBAL Profile option. After selection of the View GLOBAL Profile option, the Update GLOBAL Profile menu appears. From this menu, select the profile to be reviewed: - To view the Common profile, select: _Common - To view the SUPERSESSION profile, select: _SupSess Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZCLS0040). Compare the security parameters as specified in the Required CL/SuperSession Common Profile Options and Required CL/SuperSession Profile Options Tables in the z/OS STIG Addendum against the settings in CL/SuperSession. If all options as specified in the Required CL/SuperSession Common Profile Options and Required CL/SuperSession Profile Options Tables in the z/OS STIG Addendum are in effect, this is not a finding.
The systems programmer and ISSO will review all session manager security parameters and control options for compliance with the requirements of the z/OS STIG Addendum Required CL/SuperSession Common Profile Options and Required CL/SuperSession Profile Options Tables. Verify that the options are set properly.