STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub·STIGs updated 2 days ago
Powered by Pylon·© 2026 Beacon Cloud Solutions, Inc.
← Back to z/OS CL/SuperSession for RACF Security Technical Implementation Guide

V-224468

CAT II (Medium)

CL/SuperSession KLVINNAM member must be configured in accordance with security requirements.

Rule ID

SV-224468r1144739_rule

STIG

z/OS CL/SuperSession for RACF Security Technical Implementation Guide

Version

V7R2

CCIs

CCI-000381

Discussion

CL/SuperSession configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications and compromise the confidentiality of customer data.

Check Content

Version 3 of CL/SuperSession
Review the member KLKINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Version 2 of CL/SuperSession
Review the member KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.)

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZCLS0042).

If one of the following configuration settings is specified for each control point defined in the KLKINNAM member for version 3 of CL/SuperSession or KLVINNAM member for version 2 of CL/SuperSession, this is not a finding.

DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
RACF -
CLASSES=APPCLASS -
NODB
EXIT=KLVRACVR

(The following is for z/OS CAC logon processing)
DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
SAF - (RACF is also acceptable)
CLASSES=APPCLASS -
NODB -
EXIT=KLSNFPTX

Fix Text

Ensure that the parameter options for member KLKINNAM for version 3 of CL/Supersession or KLVINNAM for version 2 of CL/SuperSession are coded to the below specifications.

(Note: The data set identified below is an example of a possible installation. The actual data set is determined when the product is actually installed on a system through the product's installation guide and can be site specific.)

Review the member KLKINNAM  or KLVINNAM in the TLVPARM DD statement concatenation of the CL/SuperSession STC procedure. (This member is located in SYS3.OMEGAMON.qualifier.RLSPARM.) Ensure all session manager security parameters and control options are in compliance according to the following: 

DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
      RACF -
      CLASSES=APPCLASS -
      NODB
      EXIT=KLVRACVR

(The following is for z/OS CAC logon processing)
DEFAULT DSNAME(SYS3.OMEGAMON.qualifier.RLSNAM) -
      SAF - (RACF is also acceptable)      CLASSES=APPCLASS -
      NODB -
      EXIT=KLSNFPTX