IBM Security Z Security

Security for Z

  • 1.  CICS Carla compliance check

    Posted 5 days ago

    Hi - we have been using the following IBM provided CARLA to check CICS is validating Transactions - since we have upgraded to CICS Transaction Server 6.2.0 the check has been providing the following:

    C O M P L I A N C E   T E S T   R E S U L T S   complex PROD     standard USER                        
    Rule set ISCC0106      CICS Trans class active                                                        
    External RACF Classes should be active for CICS transaction checking.                                 
                                                                                                          
    20 Non-Compliant object XXX1   class_tr                                                               
                                                                                                          
       Non-Compliant test b.1.Resc_Class_Active Each CICS transaction resource class pair must be active. 
       cics_region(ACTIVE=Yes) result=No value=                                                           
       for CLASS_TRN                                                                                      
                                                                                                          

    Carla being used:

    Domain CICS_resource_classes,                                            
      SELECT(CICS_REGION),                                                   
      SUMMARY(CICS_REGION(CLASS_TRN system complex ver))                     
    RULE ISCC0106 domain(CICS_resource_classes),                             
      DESC("External RACF Classes should be active for CICS transaction chec 
    king."),                                                                 
      CAPTION("CICS Trans class active") SEV(2)                              
      TEST b.1.Resc_Class_Active,                                            
        CICS_REGION(CLASS_trn:class.class.active=yes),                       
        DESC("Each CICS transaction resource class pair must be active.")    
    ENDRULE                        

    Has there been an update to the CARLA to work with that CICS Version or is this an issue on our end?



    ------------------------------
    Brett Williams
    ------------------------------


  • 2.  RE: CICS Carla compliance check

    Posted 4 days ago
    Edited by Tom Zeehandelaar 2 days ago

    Hi Brett, 

    Since you do not mention that your company has also upgraded the zSecure version, it is unlikely that this issue is caused by an update to CARLa, as this control is still using the same CARLa code to check the settings of your CICS regions after the upgrade to CICS Transaction Server 6.2.0.

    When I interpret the involved CARLa code, it reports that the configured class for "Attached Transaction security" (CLASS_trn) is supposed to be active, but according to the compliance check this configured CLASS_trn class is currently not active and as a result raises the non-compliant result. 

    Did you check whether the Attached Transaction security class is configured and active for the reported CICS region on your system?

    You can run option RE.C.R (Resource - CICS - Regions) in zSecure Audit to report the current settings of your defined CICS regions (provided that you use a current CKFREEZE data set as input) that shows the configured names of CICS classes and whether they are active.

    By the way, your statement "the following IBM provided CARLA to check CICS is validating Transactions" is not accurate. We do not support a rule_set with the name of ISCC0106. Thus, you must be using a customized version of a standard control. 

    Hope this helps. 



    ------------------------------
    Tom Zeehandelaar
    z/OS Security Enablement Specialist - zSecure developer
    IBM
    ------------------------------