STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to z/OS CL/SuperSession for TSS Security Technical Implementation Guide

V-224655

CAT II (Medium)

CL/SuperSession is not properly defined to the Facility Matrix Table for Top Secret.

Rule ID

SV-224655r1145880_rule

STIG

z/OS CL/SuperSession for TSS Security Technical Implementation Guide

Version

V7R2

CCIs

CCI-000764

Discussion

Improperly defined security controls for the Product could result in the compromise of the network, operating system, and customer data.

Check Content

Refer to the following reports produced by the TSS Data Collection:

- TSSCMDS.RPT(FACLIST) - Preferred report containing all control option values in effect including default values.
- TSSCMDS.RPT(TSSPRMFL) - Alternate report containing only control option values explicitly coded at TSS startup.

If the CL/SuperSession Facility Matrix table is defined as stated below, this is not a finding.

*KLS	CL/SUPERSESSION
FACILITY(USERxx=NAME=KLS)
FACILITY(KLS=MODE=FAIL,ACTIVE,SHRPRF)
FACILITY(KLS=PGM=KLV,NOASUBM,NOABEND,NOXDEF)
FACILITY(KLS=ID=xx,MULTIUSER,RES,LUMSG,STMSG,WARNPW,SIGN(M))
FACILITY(KLS=NOINSTDATA,NORNDPW,AUTHINIT,NOPROMPT,NOAUDIT)
FACILITY(KLS=NOTSOC,LOG(INIT,SMF,MSG,SEC9))

Fix Text

Define the CT/Engine started task name KLS as a Facility to TOP SECRET in the Facility Matrix Table using the following example:

*KLS	CL/SUPERSESSION
FACILITY(USERxx=NAME=KLS)
FACILITY(KLS=MODE=FAIL,ACTIVE,SHRPRF)
FACILITY(KLS=PGM=KLV,NOASUBM,NOABEND,NOXDEF)
FACILITY(KLS=ID=xx,MULTIUSER,RES,LUMSG,STMSG,WARNPW,SIGN(M))
FACILITY(KLS=NOINSTDATA,NORNDPW,AUTHINIT,NOPROMPT,NOAUDIT)
FACILITY(KLS=NOTSOC,LOG(INIT,SMF,MSG,SEC9))