CA Top Secret Security for z/os CA RS 1404 Service List

Transcription

1 CA Top Secret Security for z/os CA RS 1404 Service List Description Hiper 15.0 RO58399 S0C4 ABEND PROCESSING RACROUTE VERIFY, ENCRYPT=NO RO63670 CIA RT DOES NOT UPDATE RESOURCE PERMISSIONS FOR MRIE CLASSES RO64305 PDS/M XTIOT AND Z/OS 2.1 COMPATIBILITY RO64503 SUPPORT IBM ENF SIGNALING PROCESS TYPE 71 RO64901 CIAUNLD JOB ABENDS WITH S0E0-30 RO65728 U RUNNING DIGITAL CERTIFICATE UTILITY RO65810 ABEND S0C4-3B IN CAS4DEB RO65975 TSS MODIFY ALLOWING ADDING +A TO TRAN BYPASS ENTRY RO66026 LIST(ACIDS) FAILS WITH TSS0314E WHEN ACID DELETED DURING JOB RO66116 ADD TSS9998I FOR STATG TSF PROCESS RO66257 WITH MLIPCOBJ(NO) CK_IPC CALLS CAN FAIL RO66458 DUPLICATE PERMISSION ROWS IN CIA PERMXREF TABLE RO66459 S0C3 ABEND IN CIARTMJL DURING CIA REAL TIME INIT RO66689 S92A LMOD CIATSMVT CSECT TSSCIRCF+2E4 RO66988 ERROR W/LIST ARCHIVE IF NAME IS BLANKS RO67089 DON'T PROPAGATE ADMIN-CHECK ONLY SECURITY COMMANDS RO67183 ACEEINST MAY POINT TO A FREEMAINED STORAGE RO67302 AUDIT CHANGES DATE(-01) FAILS W/TSS8125E The CA RS 1404 service count for this release is 18

2 CA Top Secret Security for z/os CA RS 1404 Service List Description Hiper 14.0 NO-SRVC CA RS 1404 Contains No Service For This Release of This Product. The CA RS 1404 service count for this release is 0

3 CA Top Secret Security for z/os 3 CA RS 1404 Service List for CAKOF00 FMID Service Description Hiper CAKOF00 RO58399 S0C4 ABEND PROCESSING RACROUTE VERIFY, ENCRYPT=NO RO63670 CIA RT DOES NOT UPDATE RESOURCE PERMISSIONS FOR MRIE CLASSES RO64305 PDS/M XTIOT AND Z/OS 2.1 COMPATIBILITY RO64503 SUPPORT IBM ENF SIGNALING PROCESS TYPE 71 RO64901 CIAUNLD JOB ABENDS WITH S0E0-30 RO65728 U RUNNING DIGITAL CERTIFICATE UTILITY RO65810 ABEND S0C4-3B IN CAS4DEB RO65975 TSS MODIFY ALLOWING ADDING +A TO TRAN BYPASS ENTRY RO66026 LIST(ACIDS) FAILS WITH TSS0314E WHEN ACID DELETED DURING JOB RO66116 ADD TSS9998I FOR STATG TSF PROCESS RO66257 WITH MLIPCOBJ(NO) CK_IPC CALLS CAN FAIL RO66458 DUPLICATE PERMISSION ROWS IN CIA PERMXREF TABLE RO66459 S0C3 ABEND IN CIARTMJL DURING CIA REAL TIME INIT RO66689 S92A LMOD CIATSMVT CSECT TSSCIRCF+2E4 RO66988 ERROR W/LIST ARCHIVE IF NAME IS BLANKS RO67089 DON'T PROPAGATE ADMIN-CHECK ONLY SECURITY COMMANDS RO67183 ACEEINST MAY POINT TO A FREEMAINED STORAGE RO67302 AUDIT CHANGES DATE(-01) FAILS W/TSS8125E The CA RS 1404 service count for this FMID is 18

4 CA Top Secret Security for z/os CA RS PTF RO RO58399 RO58399 M.C.S. ENTRIES = ++PTF (RO58399) S0C4 ABEND PROCESSING RACROUTE VERIFY, ENCRYPT=NO S0C4 can occur in TSSNPWVF if the NEWPASS= is coded on a RACROUTE VERIFY request and ENCRYPT=NO is also coded. TSS9999E CA-TSS SECURITY SVC ABEND S0C4 IN TSSNPWVF+xxx The attempt to change the password abends and the password can't be changed to the value that was attempted. None. PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 CA-TOP SECRET-MVS Release 14.0 TSSMVS 9434 Copyright (C) 2013 CA. All rights reserved. R00787-TSS150-SP1 DESC(S0C4 ABEND PROCESSING RACROUTE VERIFY, ENCRYPT=NO). PRE ( RO25587 RO55678 ) SUP ( TR26661 RO26661 TR58399 ) ++HOLD (RO58399) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13312) PURPOSE S0C4 ABEND PROCESSING RACROUTE VERIFY, ENCRYPT=NO USERS NEWPASS= coded on a RACROUTE VERIFY with ENYCRYPT=NO AFFECTED KNOWLEDGE REQUIRED All users that leverage TSS. ACCESS 1- Product Administration 2- SMP/E REQUIRED 3- z/os Systems Programming 4- Security Administration SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

5 CA Top Secret Security for z/os CA RS PTF RO RO63670 RO63670 M.C.S. ENTRIES = ++PTF (RO63670) CIA RT DOES NOT UPDATE RESOURCE PERMISSIONS FOR MRIE CLASSES CIA Realtime does not update the CIA database for resource permissions against Maskable General Resource classes. New TSS resource permissions are not propagated to the CIA database. TSS CIA reports may not contain valid Maskable General Resource permissions after the time of the initial load of the database. None. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9497 Copyright (C) 2013 CA. All rights reserved. R00868-TSS150-SP1 DESC(CIA RT DOES NOT UPDATE RESOURCE PERMISSIONS FOR MRIE CLASSES). PRE ( RO36198 RO47730 ) SUP ( TR63670 ) ++HOLD (RO63670) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (14006) PURPOSE Allow maskable general resources to properly update into a CIA database via CIA Real Time. USERS All clients running CIA Realtime to report on resource AFFECTED permissions. KNOWLEDGE 1- Product Administration 2- SMP/E REQUIRED 3- z/os Systems Commands 4- z/os Systems Programming ACCESS REQUIRED SMP/e CSI libraries SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

6 CA Top Secret Security for z/os CA RS PTF RO RO64305 RO64305 M.C.S. ENTRIES = ++PTF (RO64305) PDS/M XTIOT AND Z/OS 2.1 COMPATIBILITY Add the following support for PDS member level protection: 1) z/os 1.12 added the ability to exploit XTIOT entries for dynamic dataset allocation if NON_VSAM_XTIOT=YES. 2) Adjustments for changes made to dataset access with z/os 2.1. PDS member level protection maybe bypassed under the above conditions. PDS member level protection maybe bypassed under the above conditions. None. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9504 Copyright (C) 2013 CA. All rights reserved. R00878-TSS150-SP1 DESC(PDS/M XTIOT AND Z/OS 2.1 COMPATIBILITY). PRE ( RO24069 ) SUP ( TR28670 RO28670 TR27232 TR44224 RO44224 TR48545 RO48545 TR64305 ) ++HOLD (RO64305) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13301) CA TOP SECRET FOR Z/OS RELEASE 15.0 PURPOSE PDS/M XTIOT AND Z/OS 2.1 COMPATIBILITY USERS AFFECTED All users leveraging PDS member protection support. KNOWLEDGE 1 - Product Administration 2 - SMP/E REQUIRED 3 - z/os Systems Programming 4 - Security Administration ACCESS SMP/E CSI Libraries REQUIRED 1. LLA Refresh 2. TSS MODIFY PDSPROT(OFF) turns off PDS protection 3. TSS MODIFY PDSPROT(ON) turns on PDS protection

7 CA Top Secret Security for z/os CA RS PTF RO RO64503 RO64503 M.C.S. ENTRIES = ++PTF (RO64503) SUPPORT IBM ENF SIGNALING PROCESS TYPE 71 The ENF 71 function under z/os enables communication between administrators and applications. Beginning with z/os 1.11 and CICS 4.1, CICS monitors type 71 RACF ENF signals. CA Top Secret immediately sends an ENF signal to CICS when a security administrator makes the following changes: * Suspends a signed-on remote user or a signed-on user who is not directly using a physical terminal or console. * Adds or removes the profile for a signed-on remote user or a signed-on user who is not directly using a physical terminal or console. When the profile addition or removal occurs and CICS receives a new attach request for a user ID, CICS performs an implicit signon for the user ID and uses the new profile information. Existing tasks for the user continue with the profile that was valid when the task was attached. * Deletes a signed-on remote user or a signed-on user who is not directly using a physical terminal or console. Note: CICS is not notified when a user ID expires. The ENF signal immediately notifies CICS of the change to the user's security record (overriding any setting specified in the USRDELAY system initialization parameter CICS can then refresh or remove the user's security record in a remote CICS region. Example: Monitoring Type 71 RACF ENF Signals In this example, an administrator issues the following command to suspend USER01 for five days: TSS ADDTO(USER01) SUSPEND FOR(5) Issuing the command immediately notifies CICS of the change. Not applicable. TSS commands will send ENF 71 signals if listener active. None. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9248 Copyright (C) 2013 CA. All rights reserved. R00881-TSS150-SP1 DESC(SUPPORT IBM ENF SIGNALING PROCESS TYPE 71). PRE ( RO20497 RO23523 RO25900 RO35644 RO36198 RO38472 RO38876 RO40240 RO43262 RO50801 RO55678 RO63150 RO63740 ) SUP ( TR23625 TR24362 TR26159 RO26159 TR26572 TR16981 TR32699 TR32766 RO26572 TR38113 DR36198 TR40741 AR24362 RO24362 TR46218 RO38113 RO40741 TR45022 TR46328 RO46218 TR49435 TR47100 TR52867 RO49435 TR53949 TR54418 RO46328 TR57834 RO57834 TR60151 RO60151 TR60841 RO23625 RO32766 RO52867 RO53949 RO54418 RO60841 TR63862 TR64484 TR64503 ) ++HOLD (RO64503) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13310) SEQUENCE AFTER APPLY PURPOSE Introduce CA Top Secret support for the ENF 71 listener USERS AFFECTED All users that intend to leverage ENF 71. KNOWLEDGE 1- Product Administration 2- SMP/E

8 CA Top Secret Security for z/os CA RS PTF RO64503 REQUIRED 3- z/os Systems Programming 4- Security Administration ACCESS REQUIRED SMP/E CSI libraries SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. ++HOLD (RO64503) SYSTEM FMID(CAKOF00) REASON (DOC ) DATE (13310) * * PUBLICATION * * THE FOLLOWING CA TOP SECRET GUIDES HAVE BEEN UPDATED RELATED TO THIS support. Access to these updated guides is available via CA Support Online. Each guide (just prior to the start of the CONTENTS section) has a DOCUMENTATION CHANGES section that provides hyper links to the related new feature documentation updates. CA Top Secret Release Notes Guide CA Top Secret Command Functions Guide CA Top Secret Report and Tracking Guide CA Top Secret Implementation: CICS Guide

9 CA Top Secret Security for z/os CA RS PTF RO RO64901 RO64901 M.C.S. ENTRIES = ++PTF (RO64901) CIAUNLD JOB ABENDS WITH S0E0-30 If the CIAUNLD job is run where CIACFILE was run against a security file with greater than 320,000 acids, then the CIAUNLD job will abend with a S0E0-30. CIAUNLD job abends with S0E0-30 abend code. CIAUNLD job will not complete. None. PRODUCT(S) AFFECTED: TSSMVS Release 15.0 TSSMVS Release 14.0 TSSMVS 9473 Copyright (C) 2013 CA. All rights reserved. R00893-TSS150-SP1 DESC(CIAUNLD JOB ABENDS WITH S0E0-30). PRE ( RO35644 RO36198 RO36912 RO47730 RO50925 RO55372 ) SUP ( TR42348 RO42348 TR51709 TR54274 TR61173 TR61185 TR64901 ) ++HOLD (RO64901) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13316) PURPOSE Address a S0E0-30 when running CIAUNLD. USERS All user that leverage TSS CIA. AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of CIAUNLD job.

10 CA Top Secret Security for z/os CA RS PTF RO RO65728 RO65728 M.C.S. ENTRIES = ++PTF (RO65728) U RUNNING DIGITAL CERTIFICATE UTILITY The Digital Certificate Utility, SAFCRRPT, can ABEND with an LE error U or S0C4 while listing a certificate that has a KEYUSAGE of 'HANDSHAKE DATAENCRYPT DOCSIGN CERTSIGN KEYAGREE'. SAFCRRPT ABENDs with U during execution. Return x'20' can be seen in register R15 in the joblog or a SOC4 abend in various locations in SAFCRRPT. The utility ABENDs and the report is incomplete. Use TSS LIST(USER) DIGICERT(XXXXX) - instead to list the certificates. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9524 Copyright (C) 2013 CA. All rights reserved. R00906-TSS150-SP1 DESC(U RUNNING DIGITAL CERTIFICATE UTILITY). PRE ( RO20174 RO25900 RO35644 RO36198 RO55678 ) SUP ( TR65728 ) ++HOLD (RO65728) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13344) PURPOSE Resolve U or S0C4 running SAFCRRPT Utility USERS Users that use the SAFCRRPT Utility AFFECTED KNOWLEDGE 1 - SMP/E REQUIRED 2 - z/os Systems Programming 3 - Security Administration ACCESS SMP/E CSI Libraries REQUIRED 1. LLA Refresh 2. Rerun the job

11 CA Top Secret Security for z/os CA RS PTF RO RO65810 RO65810 M.C.S. ENTRIES = ++PTF (RO65810) ABEND S0C4-3B IN CAS4DEB PDS member level protections can ABEND with S0C4-3B in CAS4DEB when called in AMODE 64 and PDS protection is active. Problem showed up during the DB2 v10 precompile job. The DB2 precompile job ABENDs with S0C4-3B in CAS4DEB. Either disable PDS member level protection while the DB2 precompile job is running or remove the PDS from PDS member level protection. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9527 Copyright (C) 2013 CA. All rights reserved. R00910-TSS150-SP1 DESC(ABEND S0C4-3B IN CAS4DEB). PRE ( RO24069 ) SUP ( TR65810 ) ++HOLD (RO65810) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13364) PURPOSE Resolve S0C4-3B during PDS protection USERS User that have PDS protect active with DB2 V10. Also any AFFECTED program that access a protected PDS in Amode 64. KNOWLEDGE 1-1- Product Administration REQUIRED 2 - SMP/E 3 - z/os Systems Programming 4 - Security Administration ACCESS SMP/E CSI Libraries REQUIRED 1. SMP Apply 2. IPL with CLPA

12 CA Top Secret Security for z/os CA RS PTF RO RO65975 RO65975 M.C.S. ENTRIES = ++PTF (RO65975) TSS MODIFY ALLOWING ADDING +A TO TRAN BYPASS ENTRY TSS Modify command not failing when +A added to non TRANID bypass list. Resource suffix +A allowed to be added to any Bypass List. Erroneous Bypass List entries. None. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9531 Copyright (C) 2013 CA. All rights reserved. R00913-TSS150-SP1 DESC(TSS MODIFY ALLOWING ADDING +A TO TRAN BYPASS ENTRY). SUP ( TR37036 RO37036 TR65975 ) ++HOLD (RO65975) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13350) PURPOSE Fail TSS MODIFY BYPADD for resource names +A if bypass list is not TRANID. USERS All users who issue modify commands for CICS bypass lists. AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

13 CA Top Secret Security for z/os CA RS PTF RO RO66026 RO66026 M.C.S. ENTRIES = ++PTF (RO66026) LIST(ACIDS) FAILS WITH TSS0314E WHEN ACID DELETED DURING JOB CLient runs a nightly job that does TSS LIST(ACIDS)DATA(ALL,PASS If an ID is deleted after the command is initiated the LIST command will terminate with the following messages: TSS0314E ACID DOES NOT EXIST TSS0301I LIST FUNCTION FAILED, RETURN CODE = 8 Job to list all acids ends with TSS0314E message and doesn't list all users. Incomplete listing. Rerun job. PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 TSSMVS 9529 Copyright (C) 2014 CA. All rights reserved. R00914-TSS150-SP1 DESC(LIST(ACIDS) FAILS WITH TSS0314E WHEN ACID DELETED DURING JOB). PRE ( RO20497 RO23523 RO36198 RO38472 RO38876 RO43262 RO50801 RO55678 RO63150 RO63740 RO64503 ) SUP ( TR26159 RO26159 TR26572 RO26572 TR38113 DR36198 TR40741 RO38113 RO40741 TR45022 TR46328 RO46328 TR57834 RO57834 TR60151 RO60151 TR60841 RO60841 TR66026 ) ++HOLD (RO66026) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (14036) PURPOSE Allow LIST(ACIDS) to continue when acid not found USERS All user that issue LIST(ACIDS) AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of TSS is required to install this APAR.

14 CA Top Secret Security for z/os CA RS PTF RO RO66116 RO66116 M.C.S. ENTRIES = ++PTF (RO66116) ADD TSS9998I FOR STATG TSF PROCESS While CHORTSF is down, client receives error message TSS9886I TSF Buffer Full - Write to Chorus Buffer Ended in the SYSLOG. The security statistics are not displaying in CHORUS 3.0 UI. Chorus STATG records not written to Chorus TSF UI, along with message TSS9886I indicating buffer was full. Chorus STATG related statistics will be lost and not recorded. Keep Time Series Facility (TSF) region up. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9533 Copyright (C) 2013 CA. All rights reserved. R00917-TSS150-SP1 DESC(ADD TSS9998I FOR STATG TSF PROCESS). PRE ( RO36198 RO38472 RO42576 ) SUP ( TR21134 RO21134 TR66116 ) ++HOLD (RO66116) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13353) PURPOSE Update msg 9886 to 9998, also fix 64bit compare buffer full condition. USERS All users who have CHORUSSTATG(ON) which writes to TSF AFFECTED (Time Series Facility KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

15 CA Top Secret Security for z/os CA RS PTF RO RO66257 RO66257 M.C.S. ENTRIES = ++PTF (RO66257) WITH MLIPCOBJ(NO) CK_IPC CALLS CAN FAIL With MLACTIVE(YES) and MLIPCOBJ(NO), ck_ipc_access calls are being are still being driven. An OMVS IPC process can fail with message: TSS7264E INSUFFICIENT SECLABEL AUTHORITY VIOLATION OMVS IPC process can fail. None. PRODUCT(S) AFFECTED: TSSMVS Release 15.0 TSSMVS 9537 Copyright (C) 2014 CA. All rights reserved. R00920-TSS150-SP1 DESC(WITH MLIPCOBJ(NO) CK_IPC CALLS CAN FAIL). SUP ( RO49142 TR49142 TR66257 ) ++HOLD (RO66257) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (14062) PURPOSE Address ck_ipc_access call possible failures. USERS All users with MLACTIVE(YES AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA refresh, and 'F TSS,REFRESH(SAFOEDRV)' required to install this APAR.

16 CA Top Secret Security for z/os CA RS PTF RO RO66458 RO66458 M.C.S. ENTRIES = ++PTF (RO66458) DUPLICATE PERMISSION ROWS IN CIA PERMXREF TABLE A PERMIT or REVOKE request for a fully qualified resource permission (name embedded in quotes) that updates the CIA data base through the CIA real time component can cause duplicate permission rows in the PERMXREF table. An SQL request to return the content of the PERMXREF table for a user may contain duplicate rows of data in the output. Processes that utilize the information stored in the CIA data base, such as batch reports or Chorus investigations will report invalid results based on the duplicate rows of data. You can use the batch CIA data base load process which loads the correct number of permissions in the PERMXREF table for each user. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9538 Copyright (C) 2014 CA. All rights reserved. R00923-TSS150-SP1 DESC(DUPLICATE PERMISSION ROWS IN CIA PERMXREF TABLE). PRE ( RO36198 RO36912 RO47730 RO50925 ) SUP ( TR63858 TR66458 ) ++HOLD (RO66458) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (14023) PURPOSE Prevent duplicate PERMXREF table permissions in the CIA data base USERS Administrators issuing fully qualified PERMIT or REVOKE AFFECTED requests when CIA real time update is active KNOWLEDGE 1 - SMP/E REQUIRED 2 - z/os Systems Programming 3 - Security Administration ACCESS SMP/E CSI Libraries REQUIRED 1. Shut down the CIA real time address space CIARTUPD 2. Synchronize CIA data base to current Top Secret security file using documented batch load procedures 3. Start the CIA real time address space CIARTUPD

17 CA Top Secret Security for z/os CA RS PTF RO RO66459 RO66459 M.C.S. ENTRIES = ++PTF (RO66459) S0C3 ABEND IN CIARTMJL DURING CIA REAL TIME INIT A S0C3 abend in module CIARTMJL may occur during initialization of the CIA real time address space CIARTUPD if the pre-allocated journal data set becomes unusable. CCSR010E CIARTMGR S0C3 at 20B0C9E0 LMOD CIARTMJL CSECT CIARTMJL CIARTUPD N/A CIARTUPD The startup of the CIA real time address space CIARTUPD will not be successful. When this address space is inactive you are not able to keep the CIA database and the Top Secret security file synchronized. You can assign the CIAJRNL DD in the CIARTUPD procedure to a SYSOUT spool file, or disable journalling completely by removing the CIAJRNL DD statement from the procedure. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9539 Copyright (C) 2014 CA. All rights reserved. R00924-TSS150-SP1 DESC(S0C3 ABEND IN CIARTMJL DURING CIA REAL TIME INIT). PRE ( RO36198 ) SUP ( TR66459 ) ++HOLD (RO66459) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (14023) PURPOSE Prevent S0C3 abends when CIA journal is unusable USERS Administrators requiring real time synchronization of AFFECTED the CIA data base with the Top Secret security file KNOWLEDGE 1 - SMP/E REQUIRED 2 - z/os Systems Programming 3 - Security Administration ACCESS SMP/E CSI Libraries REQUIRED 1. Recycle the CIA real time address space procedure CIARTUPD

18 CA Top Secret Security for z/os CA RS PTF RO RO66689 RO66689 M.C.S. ENTRIES = ++PTF (RO66689) S92A LMOD CIATSMVT CSECT TSSCIRCF+2E4 An S92A ABEND in LMOD CIATSMVT CSECT TSSCIRCF+2E4 is possible when using CIA Real Time. The CIARTUPD region abends with the following message: CIARTPEV S92A at 2D36D5DC LMOD CIATSMVT CSECT TSSCIRCF +0002E4 The CIARTUPD region abends and will require a restart. None. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9543 Copyright (C) 2014 CA. All rights reserved. R00932-TSS150-SP1 DESC(S92A LMOD CIATSMVT CSECT TSSCIRCF+2E4). PRE ( RO36198 ) SUP ( TR66689 ) ++HOLD (RO66689) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (14014) PURPOSE Address a S92A with CIA/RT. USERS All users that leverage CIA/RT. AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of CIA/RT region to install this APAR.

19 CA Top Secret Security for z/os CA RS PTF RO RO66988 RO66988 M.C.S. ENTRIES = ++PTF (RO66988) ERROR W/LIST ARCHIVE IF NAME IS BLANKS If a user is created with a NAME field that contains blanks, for example, 'TSS CREATE(userid) NAME(' ') PASS(pass) TYPE(USER) DEPT(deptname)', then a 'TSS LIST(userid) ARCHIVE INTO('dsname.userid')' is issued, the TSS command generated by the ARCHIVE process is invalid. Invalid TSS command generated if NAME field contains blanks. Command generated can not be used to recreate the acid. Command has to be recreated manually. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9546 Copyright (C) 2014 CA. All rights reserved. R00934-TSS150-SP1 DESC(ERROR W/LIST ARCHIVE IF NAME IS BLANKS). PRE ( RO48091 RO52580 RO53544 RO59130 ) SUP ( RO18633 RO19414 RO21317 TR17158 TR17988 TR18043 TR18633 TR19414 TR21317 TR25830 RO25830 TR29063 RO29063 TR30280 RO30280 TR55736 AR52580 RO55736 TR56568 TR57038 RO57038 TR63353 TR64820 RO64820 TR66988 ) ++HOLD (RO66988) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (14062) PURPOSE Load module into LLA and activate USERS All AFFECTED KNOWLEDGE 1. Console commands REQUIRED 2. Top Secret administration ACCESS 1. Console authority REQUIRED 2. TSS administrative authority SMP APPLY, LLA REFRESH and restart CA Top Secret with TSS,,,REINIT

20 CA Top Secret Security for z/os CA RS PTF RO RO67089 RO67089 M.C.S. ENTRIES = ++PTF (RO67089) DON'T PROPAGATE ADMIN-CHECK ONLY SECURITY COMMANDS There are times where TSS commands are issued internally to the product to verify administrative authority for an acid over a given resource. These checks are only relevant to the local system and should not be propagated via CPF. The commands will be seen in the CPF journal files appearing as actual administrative commands when no actual security file changes have occurred. Review of the CPF jounal files may lead to incorrect conclusions about TSS administration performed. None. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9547 Copyright (C) 2014 CA. All rights reserved. R00935-TSS150-SP1 DESC(DON'T PROPAGATE ADMIN-CHECK ONLY SECURITY COMMANDS). PRE ( RO18634 RO19256 RO20497 RO21793 RO23523 RO25900 RO35644 RO36198 RO37109 RO38472 RO46203 RO50801 RO53633 RO55678 RO63150 RO63740 RO63941 ) SUP ( AR63740 KR55678 RO18880 RO20230 RO20898 RO21191 RO28526 RO28778 RO32792 RO33282 RO38385 RO38784 RO38899 RO49662 RO57685 RO59203 RO59314 RO65717 RO65891 TR16894 TR16956 TR17040 TR17122 TR17596 TR18880 TR20230 TR20898 TR21191 TR28526 TR28778 TR29757 TR32792 TR33282 TR33505 TR33519 TR38385 TR38784 TR38899 TR49662 TR57685 TR59203 TR59314 TR65717 TR65891 TR67089 ) ++HOLD (RO67089) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (14071) PURPOSE Load module into LLA and activate USERS All users of CA Top Secret Option for DB2 AFFECTED KNOWLEDGE 1. Console commands REQUIRED 2. Top Secret administration ACCESS 1. Console authority REQUIRED 2. TSS administrative authority SMP APPLY, LLA REFRESH and restart CA Top Secret with TSS,,,REINIT

21 CA Top Secret Security for z/os CA RS PTF RO RO67183 RO67183 M.C.S. ENTRIES = ++PTF (RO67183) ACEEINST MAY POINT TO A FREEMAINED STORAGE If an application is using the ACEEINST field in a cross-memory security call, it is possible that the pointer to the ACEEINST may have been freemained. The user application abends with a S0C4 while referencing the ACEEINST field. The user application will abend with a S0C4. None. PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 TSSMVS 9549 Copyright (C) 2014 CA. All rights reserved. R00936-TSS150-SP1 DESC(ACEEINST MAY POINT TO A FREEMAINED STORAGE). SUP ( FC56243 TR54884 RO54884 TR67183 ) ++HOLD (RO67183) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (14051) PURPOSE Load module into LLA and activate USERS All AFFECTED KNOWLEDGE 1. Console commands REQUIRED 2. Top Secret administration ACCESS 1. Console authority REQUIRED 2. TSS administrative authority SMP APPLY, LLA REFRESH and restart CA Top Secret with TSS,,,REINIT

22 CA Top Secret Security for z/os CA RS PTF RO RO67302 RO67302 M.C.S. ENTRIES = ++PTF (RO67302) AUDIT CHANGES DATE(-01) FAILS W/TSS8125E After fix RO53949, if a TSSAUDIT job is run with the following parms: //STEP1 EXEC PGM=TSSAUDIT,REGION=4M, // PARM='CHANGES DATE(-01)' The TSSAUDIT job fails with the following error message: TSS8125E OPTION UNKNOWN OR INVALID TSSAUDIT job fails with TSS8125E message TSSAUDIT job does not produce any output Add a blank prior to the end quote on the PARM card for example: //STEP1 EXEC PGM=TSSAUDIT,REGION=4M, // PARM='CHANGES DATE(-01) ' PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9553 Copyright (C) 2014 CA. All rights reserved. R00940-TSS150-SP1 DESC(AUDIT CHANGES DATE(-01) FAILS W/TSS8125E). PRE ( RO64503 ) SUP ( TR24362 AR24362 RO24362 TR46218 RO46218 TR49435 RO49435 TR53949 RO53949 TR67302 AR64503 ) ++HOLD (RO67302) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (14057) PURPOSE Load module into LLA and activate USERS All AFFECTED KNOWLEDGE 1. Console commands REQUIRED 2. Top Secret administration ACCESS 1. Console authority REQUIRED 2. TSS administrative authority SMP APPLY, LLA REFRESH, execute TSSAUDIT job again