IBM Security Z Security

 View Only

IBM Security zSecure support for CICS 5.5

By Jeroen Tiggelman posted Tue January 22, 2019 04:41 AM

  
IBM CICS Transaction Server for z/OS V5.5 was announced on October 2, 2018, with a planned availability date of December 14, 2018. Toleration fixes for zSecure 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.3.0, and 2.3.1 have been made available on December 20, 2018. Five new fields have been added with properties of CICS regions.


Background

IBM Security zSecure can detect security settings for CICS regions and report on CICS transactions and programs, and can process CICS security events. ISPF menu option RE.C displays information about CICS regions (zSecure Admin, zSecure Audit)  and about CICS transactions and CICS programs (zSecure Audit only). CICS SMF records are processed in zSecure Audit, zSecure Alert, and zSecure Adapters for SIEM; the enriched events can be sent to a Security Information and Event Management (SIEM) solution, such as IBM QRadar SIEM.

The common query language employed by zSecure Admin, zSecure Audit, zSecure Manager for RACF z/VM, zSecure Alert, and zSecure Adapters for QRadar SIEM is called the CARLa Auditing and Reporting Language (CARLa).

zSecure CICS Toolkit provides a toolkit and an administrator interface to administer RACF from a CICS environment.
 
Benefits

The following updates are provided:

* Toleration support for CICS Transaction Server V5R5, without which CICS information might be missing or unrecognized;
* Updated procedure and examples for specifying Program List Tables (PLTs);
* New fields SEC_PTKT and CLASS_PTKT, (security properties related to passtickets), KERB_USER (Kerberos user ID), RACFSYNC (invalidate cache for RACF events), and SNPRESET (security property for preset user IDs) in the CICS_REGION report type (displayed in RE.C.R).

The CICS_REGION report type is available in zSecure Admin and zSecure Audit. The SMF report type is available in zSecure Audit, zSecure Alert, and zSecure Adapters for SIEM. The zSecure Collect for z/OS component can be run with any of these.

Documentation updates have been provided in a Technote.

Prerequisites

To fully benefit from these enhancements the following is required:

* IBM Security zSecure 2.1 (or later), or one of the zSecure Compliance, Administration, and Auditing solutions
* The relevant PTF for APAR OA56663 (zSecure CICS Tookit) depending on your release: UA98198 (2.1.0), UA98199 (2.1.1), UA98200 (2.2.0) , UA98201 (2.2.1), UA98202 (2.3.0), or UA98203 (2.3.1)
* The relevant PTF for APAR OA56551 (zSecure Admin/Audit/Adapters) depending on your release: UA98204 (2.1.0), UA98205 (2.1.1), UA98206 (2.2.0) , UA98207 (2.2.1), UA98208 (2.3.0), or UA98209 (2.3.1)

Migration

You can apply this fix without special considerations.

Note that the RE.C.R menu option will show the new fields, and that some obsolete fields (no longer applicable since CICS 5.1) have been removed from the display.

 
If you have any questions, please post them here or on the zSecure support forum. The IBM Security zSecure today article serves as a starting point to reach all the latest zSecure announcements.
0 comments
49 views

Permalink