IBM Z Software
Hide about this portal


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Delivered
Workspace zSecurity
Categories zSecure Audit
Created by Guest
Created on Oct 12, 2021

RELATED IDEAS

An enhancement is required to report the externalized SAF name for STIG Report ZJES0032

See this idea on ideas.ibm.com

zSecure Audit Report ZJES0032, reports a non-compliant state for the Profile HSAP.OJT.OFF1.JT in class Writer. However we have a profile created for this case HASP.OJT.OFF*.JT. Even that is present we get that non-compliant state in Report ZJES0032.

The only matching profiles available in class WRITER are:

jesname.LOCAL.devicename

jesname.RJE.devicename

jesname.NJE.nodename

None of the above would match the reported profile.the reported resource names should match to the actual SAF resource names relevant to the rule finding.

According the JES2 documentation and the stated profile in the rule it is not clear why the available Profile HASP.OJT.OFF*.JT is not considered as protection. ZJES0032 does not really represent what is available

The resource names reported are actually internal JES2 names, in the JESdev "class".

For the non-compliant finding for JESdev resource HASP.OJT.OFF1.JT, the profile needed for HASP.OJT.OFF1.JT would need to protect SAF resource name HASP.LOCAL.OFF1.JT. Creating the generic profile does resolve the observation

An enhancement is needed to adjust this appearance/behaviour. Currently newlist type=compliance does not always contains the actual SAF Class and SAF resource name. In this case of JES related resources, it contains the internal JES resource, not the externalised SAF name.

Idea priority Medium
  • Guest
    Reply
    |     Nov 13, 2023

    Hi Hans
    Glad to read it is delivered with 3.1.0!

  • Admin
    HANS SCHOONE
    Reply
    |     Nov 13, 2023

    Delivered in zSecure 3.1.0

  • Guest
    Reply
    |     Dec 17, 2021

    Note that you can now (Rel 250) see the mapping between JES internal name and the SAF resource name via RE.J.D . Select a specific device name and the SAF class (JESINPUT, WRITER) and SAF resource name will show in the detail panel

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.