IBM CICS Transaction Server for z/OS V5.5 was announced on October 2, 2018, with a planned availability date of December 14, 2018. Toleration fixes for zSecure 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.3.0, and 2.3.1 were made available on December 20, 2018. Five new fields that report properties of CICS regions have been added.
Background
IBM Security zSecure can detect security settings for CICS regions, report on CICS transactions and programs, and process CICS security events. ISPF menu option RE.C displays information about CICS regions (zSecure Admin, zSecure Audit) and about CICS transactions and CICS programs (zSecure Audit only). CICS SMF records are processed in zSecure Audit, zSecure Alert, and zSecure Adapters for SIEM; the enriched events can be sent to a Security Information and Event Management (SIEM) solution, such as IBM QRadar SIEM.
The common query language employed by zSecure Admin, zSecure Audit, zSecure Manager for RACF z/VM, zSecure Alert, and zSecure Adapters for QRadar SIEM is called the CARLa Auditing and Reporting Language (CARLa).
zSecure CICS Toolkit provides a toolkit and an administrator interface to administer RACF from a CICS environment.
Benefits
The following updates are provided:
* Toleration support for CICS Transaction Server V5R5, without which CICS information might be missing or unrecognized;
* Updated procedure and examples for specifying Program List Tables (PLTs);
* New fields SEC_PTKT and CLASS_PTKT (security properties related to passtickets), KERB_USER (Kerberos user ID), RACFSYNC (invalidate cache for RACF events), and SNPRESET (security property for preset user IDs) in the CICS_REGION report type (displayed in RE.C.R).
The CICS_REGION report type is available in zSecure Admin and zSecure Audit. The SMF report type is available in zSecure Audit, zSecure Alert, and zSecure Adapters for SIEM. The zSecure Collect for z/OS component can be run with any of these.
Documentation updates have been provided in a Technote.
Prerequisites
To fully benefit from these enhancements, the following is required:
* IBM Security zSecure 2.1 (or later), or one of the zSecure Compliance, Administration, and Auditing solutions
* The relevant PTF for APAR OA56663 (zSecure CICS Toolkit) depending on your release: UA98198 (2.1.0), UA98199 (2.1.1), UA98200 (2.2.0), UA98201 (2.2.1), UA98202 (2.3.0), or UA98203 (2.3.1)
* The relevant PTF for APAR OA56551 (zSecure Admin/Audit/Adapters) depending on your release: UA98204 (2.1.0), UA98205 (2.1.1), UA98206 (2.2.0), UA98207 (2.2.1), UA98208 (2.3.0), or UA98209 (2.3.1)
Migration
You can apply this fix without special considerations.
Note that the RE.C.R menu option will show the new fields, and that some obsolete fields (no longer applicable since CICS 5.1) have been removed from the display.
If you have any questions, please post them here or on the zSecure support forum. The IBM Security zSecure today article serves as a starting point to reach all the latest zSecure announcements.