CA Top Secret Security for z/os CA RS 1710 Service List

Transcription

1 CA Top Secret Security for z/os CA RS 1710 List Description Type RO91062 PASSPHRASE VIOLATION IN FAC(STC) CAUSES LOOP WITH OPTIONS(4) PTF RO97371 CICS VERIFY PASSWORD INVALID FACILITY CHECK PTF RO97372 CICS VERIFY PASSWORD INVALID FACILITY CHECK PTF RO97390 CICS SIGNON FAILS WITH SRC/DRC WITH *1C*-19 PTF RO97504 TSS9490E UNABLE TO PLANT SIGNON SECURITY INTERCEPT IMS PTF RO97567 S0C4 ABEND IN TSSKERNL WHEN RENAMING ACIDS PTF RO97746 STORAGE DEADMAIN IN CSA SUBPOOL 231, KEY 3 PTF RO97809 S878 ISSUING CIARTUPD,STATUS COMMANDS PTF RO97814 REMOVE DEAD/INVALID UID(0) WHOHAS ENTRIES AUTOMATICALLY PTF RO97832 FAIL AN ADD COMMAND WHEN PROFILE() IS ENTERED PTF RO97892 SUPPORT DFSMS DATA SET ENCRYPTION PTF RO97899 STORAGE LEAK WITH SUPPLEMENTAL GROUPS PTF RO98051 ENHANCE ADMIN SECURITY FOR MULTI-FACTOR AUTHENTICATION PTF RO98232 INCREASE MAX SECCACHE SIZE PTF The CA RS 1710 service count for this release is 14

2 CA Top Secret Security for z/os 2 CA RS 1710 List for FMID Description Type RO91062 PASSPHRASE VIOLATION IN FAC(STC) CAUSES LOOP WITH OPTIONS(4) PTF RO97371 CICS VERIFY PASSWORD INVALID FACILITY CHECK PTF RO97390 CICS SIGNON FAILS WITH SRC/DRC WITH *1C*-19 PTF RO97567 S0C4 ABEND IN TSSKERNL WHEN RENAMING ACIDS PTF RO97746 STORAGE DEADMAIN IN CSA SUBPOOL 231, KEY 3 PTF RO97809 S878 ISSUING CIARTUPD,STATUS COMMANDS PTF RO97814 REMOVE DEAD/INVALID UID(0) WHOHAS ENTRIES AUTOMATICALLY PTF RO97832 FAIL AN ADD COMMAND WHEN PROFILE() IS ENTERED PTF RO97892 SUPPORT DFSMS DATA SET ENCRYPTION PTF RO97899 STORAGE LEAK WITH SUPPLEMENTAL GROUPS PTF RO98051 ENHANCE ADMIN SECURITY FOR MULTI-FACTOR AUTHENTICATION PTF RO98232 INCREASE MAX SECCACHE SIZE PTF The CA RS 1710 service count for this FMID is 12

3 CA Top Secret Security for z/os 3 CA RS 1710 List for CAKOG01 FMID Description Type CAKOG01 RO97372 CICS VERIFY PASSWORD INVALID FACILITY CHECK PTF The CA RS 1710 service count for this FMID is 1

4 CA Top Secret Security for z/os 4 CA RS 1710 List for CAKOG02 FMID Description Type CAKOG02 RO97504 TSS9490E UNABLE TO PLANT SIGNON SECURITY INTERCEPT IMS PTF The CA RS 1710 service count for this FMID is 1

5 CA Top Secret Security for z/os CA RS PTF RO91062 RO91062 RO91062 M.C.S. ENTRIES = ++PTF (RO91062) PASSPHRASE VIOLATION IN FAC(STC) CAUSES LOOP WITH OPTIONS(4) PROBLEM DESCRIPTION: A Passphrase security violation occurring under Facility STC will drive a retry loop if OPTIONS(4) is set. TSS7100E 007 J=jjjjjjj A=aaaa T=N/A F=STC - PASSWORD PHRASE MISSING TSS7102E Password Phrase Missing The signon process will loop indefinitely. Supply the correct passphrase. CA Top Secret for z/os Release 15.0 CA Top Secret for z/os Version 16.0 TSSMVS 9851 Copyright (C) 2016 CA. All rights reserved. R00161-TSS160-SP1 DESC(PASSPHRASE VIOLATION IN FAC(STC) CAUSES LOOP WITH OPTIONS(4) FMID () PRE ( RO83104 RO84794 RO86945 ) SUP ( TR91062 ) ++HOLD (RO91062) SYSTEM FMID() REASON (DYNACT ) DATE (16208) CA Top Secret for z/os Version 16.0 PURPOSE Load modules into memory and activate USERS All using Passphrases AFFECTED KNOWLEDGE SMP/E REQUIRED Operator Commands ACCESS SMP/E REQUIRED Operator Commands SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

6 CA Top Secret Security for z/os CA RS PTF RO97371 RO97371 RO97371 M.C.S. ENTRIES = ++PTF (RO97371) CICS VERIFY PASSWORD INVALID FACILITY CHECK PROBLEM DESCRIPTION: After CICS level RSU1412, CA Top Secret does not handle return codes correctly for the EXEC CICS VERIFY PASSWORD command when an ACID is not authorized to a facility. TSSUTIL correctly reports a 1C-06 violation (not authorized to facility CA Top Secret returns a response to CICS, indicating that the ACID is authorized to the program to CICS. CA Top Secret returns zeros. The impact depends on how the application handles the return. N / A CA Top Secret for z/os Release 15.0 CA Top Secret for z/os Version 16.0 TSSMVS 9948 Copyright (C) 2017 CA. All rights reserved. R00322-TSS160-SP1 DESC(CICS VERIFY PASSWORD INVALID FACILITY CHECK FMID () PRE ( RO81843 RO83104 RO84794 RO85911 RO86945 RO88603 RO91603 RO92696 RO92771 RO95818 RO96696 RO97009 ) SUP ( AC90345 AR92771 RO80102 RO89828 RO93932 TR80102 TR89828 TR93901 TR93932 TR95646 TR95923 TR96364 TR96715 TR96790 TR96899 TR97138 TR97371 ) ++IF FMID(CAKOG01) REQ(RO97372 ). ++HOLD (RO97371) SYSTEM FMID() REASON (DYNACT ) DATE (17270) CA Top Secret for z/os Version 16.0 PURPOSE Correct return code on EXEC CICS VERIFY USER USERS CICS user that issue AFFECTED 'EXEC CICS VERIFY USERID(XXXXXX) PASSWORD(XXXXX)' KNOWLEDGE SMP/E REQUIRED z/os Operator Commands ACCESS SMP/E REQUIRED z/os Operator Commands LLA REFRESH and TSS REINIT

7 CA Top Secret Security for z/os CA RS PTF RO97372 RO97372 RO97372 M.C.S. ENTRIES = ++PTF (RO97372) CICS VERIFY PASSWORD INVALID FACILITY CHECK PROBLEM DESCRIPTION: After CICS level RSU1412, CA Top Secret does not handle return codes correctly for the EXEC CICS VERIFY PASSWORD command when an ACID is not authorized to a facility. TSSUTIL correctly reports a 1C-06 violation (not authorized to facility CA Top Secret returns a response to CICS, indicating that the ACID is authorized to the program to CICS. CA Top Secret returns zeros. The impact depends on how the application handles the return. N / A CA Top Secret for z/os Release 15.0 CA Top Secret for z/os Version 16.0 TSSMVS 9948 Copyright (C) 2017 CA. All rights reserved. R00322-TSS160-SP1 DESC(CICS VERIFY PASSWORD INVALID FACILITY CHECK FMID (CAKOG01) PRE ( RO81844 RO92772 ) SUP ( TR92013 TR95924 TR96716 TR96791 TR96900 TR97139 TR97372 ) ++IF FMID() REQ(RO97371 ). ++HOLD (RO97372) SYSTEM FMID(CAKOG01) REASON (DYNACT ) DATE (17270) CA Top Secret for z/os CICS Component Version 16.0 PURPOSE Correct return code on EXEC CICS VERIFY USER USERS CICS user that issue AFFECTED 'EXEC CICS VERIFY USERID(XXXXXX) PASSWORD(XXXXX)' KNOWLEDGE SMP/E REQUIRED z/os Operator Commands ACCESS SMP/E REQUIRED z/os Operator Commands LLA REFRESH and TSS REINIT

8 CA Top Secret Security for z/os CA RS PTF RO97390 RO97390 RO97390 M.C.S. ENTRIES = ++PTF (RO97390) CICS SIGNON FAILS WITH SRC/DRC WITH *1C*-19 PROBLEM DESCRIPTION: If a cics signon FUNCTION(ADD_USER_WITH_PASSWORD) SIGNON_TYPE(NON_TERMINAL_SIGN_ON) is driven, the signon will fail with REASON(USERID_REVOKED A TSSUTIL report will show SRC/DRC with *1C*-19. This type of failure will occur only if the acid has the NOATS attribute. CICS trace show an ADD_USER_WITH_PASSWORD call returning USERID_REVOKED. TSSUTIL reports a SRC/DRC with *1C*-19 violation. Signon process fails. Remove the NOATS attribute. CA Top Secret for z/os Version 16.0 TSSMVS 9976 Copyright (C) 2017 CA. All rights reserved. R00323-TSS160-SP1 DESC(CICS SIGNON FAILS WITH SRC/DRC WITH *1C*-19 FMID () PRE ( RO83104 RO84794 RO86945 RO88603 RO88796 RO89334 RO92696 RO92771 RO94971 RO95793 RO96696 RO96857 ) SUP ( AR88603 BR88603 RO89210 RO89889 RO90784 RO94168 RO95692 TR89210 TR89691 TR89889 TR90753 TR90784 TR94168 TR95692 TR97390 ) ++HOLD (RO97390) SYSTEM FMID() REASON (DYNACT ) DATE (17222) CA Top Secret for z/os Version 16.0 PURPOSE Load module into LLA and activate USERS ALL AFFECTED KNOWLEDGE 1. Console commands REQUIRED 2. Top Secret administration ACCESS 1. Console authority REQUIRED 2. TSS administrative authority SMP APPLY, LLA REFRESH and restart CA Top Secret with TSS,,,REINIT

9 CA Top Secret Security for z/os CA RS PTF RO97504 RO97504 RO97504 M.C.S. ENTRIES = ++PTF (RO97504) TSS9490E UNABLE TO PLANT SIGNON SECURITY INTERCEPT IMS PROBLEM DESCRIPTION: After IBM IMS APAR PI60288 for IMS 13 is applied, the TSS Interface fails with message: TSS9490E UNABLE TO PLANT SIGNON SECURITY INTERCEPT IMS. Signon to the IMS control region will fail. IMS region cannot be used. Return to your old IMS libraries until this maintenance is applied. CA Top Secret for z/os Release 16.0 CA Top Secret for z/os Release 15.0 TSSMVS 9945 Copyright (C) 2017 CA. All rights reserved. R00326-TSS160-SP1 DESC(TSS9490E UNABLE TO PLANT SIGNON SECURITY INTERCEPT IMS FMID (CAKOG02) PRE ( RO88969 ) SUP ( TR97504 ) ++HOLD (RO97504) SYSTEM FMID(CAKOG02) REASON (DYNACT ) DATE (17270) CA Top Secret for z/os IMS Component Version 16.0 PURPOSE Enable TSS IMS Install signoff hook USERS User of IMS 13.1 after PI60288 or RSU1703 AFFECTED KNOWLEDGE SMP/e CSI libraries. REQUIRED ACCESS 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration SMP APPLY, LLA REFRESH, Recycle the IMS region to install this APAR.

10 CA Top Secret Security for z/os CA RS PTF RO97567 RO97567 RO97567 M.C.S. ENTRIES = ++PTF (RO97567) S0C4 ABEND IN TSSKERNL WHEN RENAMING ACIDS PROBLEM DESCRIPTION: An S0C4 abend can occur in the TSSKERNL module TSSSEC when an administrator performs a TSS RENAME command against an ACID that is currently logged on and active in an application that is including ENVRIN objects to perform security authorizations. TSS9999E CA-TSS SECURITY SVC ABEND S0C4 IN TSSKERNL+527CC The user transaction is terminated with the abend and a dump of the abend is generated. The user who has been renamed must logoff and log back on with the new name to continue. Do not RENAME active users, ensure that the user is logged off of all applications prior to renaming the user. CA Top Secret for z/os Release 15.0 TSSMVS 9757 Copyright (C) 2017 CA. All rights reserved. R00329-TSS160-SP1 DESC(S0C4 ABEND IN TSSKERNL WHEN RENAMING ACIDS FMID () PRE ( RO83104 RO84794 RO86945 RO87918 RO89334 RO91603 RO96857 ) SUP ( AR87918 AR89334 AR90069 RO87875 RO88651 RO89203 RO89888 RO90069 RO90317 RO91469 RO92584 TR86962 TR87875 TR87890 TR87917 TR88651 TR88994 TR89004 TR89180 TR89203 TR89665 TR89888 TR89997 TR90069 TR90317 TR91469 TR92584 TR97567 ) ++HOLD (RO97567) SYSTEM FMID() REASON (DYNACT ) DATE (17261) CA Top Secret for z/os Version 16.0 PURPOSE Activate without an IPL USERS All AFFECTED KNOWLEDGE SMP/E REQUIRED z/os Operator Commands ACCESS SMP/E Libraries REQUIRED z/os Operator Commands Apply apar, refresh LLA and restart TSS with a REINIT.

11 CA Top Secret Security for z/os CA RS PTF RO97746 RO97746 RO97746 M.C.S. ENTRIES = ++PTF (RO97746) STORAGE DEADMAIN IN CSA SP231, KEY3 PROBLEM DESCRIPTION: TSSKEXTR is issuing unnecessary i/o requests to obtain XE information from the first profile. When password or phrase fields are requested there is no need to try to get this information from the first profile beause the profile acid does not contain an XE06 or XE12. 1) XXE requests for XE06 and XE12 get x'4e' error. 2) Storage deadmain in SP231, Key 3 on RACROUTE REQUEST=EXTRACT calls. Unnecessary i/o requests are issued. These extracts have been a part of the product and are not new. This maintnenace will enhance performance with the removal of these calls. More importantly, once Passphrases are in use sites may experience a steady growth of CSA SP231, Key 3 storage. This could lead to requiring an IPL. 1) None for the performance enhancement. 2) Do not implement Passphrases for acids that are used in CICS or which may require extracts of the passphrase segment. CA Top Secret for z/os Version 15.0 TSSMVS 9829 Copyright (C) 2017 CA. All rights reserved. R00332-TSS160-SP1 DESC(STORAGE DEADMAIN IN CSA SUBPOOL 231, KEY 3 FMID () PRE ( RO84794 RO87883 RO92696 RO92771 RO96977 RO96998 ) SUP ( RO95857 RO97317 TR95857 TR97150 TR97317 TR97746 ) ++HOLD (RO97746) SYSTEM FMID() REASON (DYNACT ) DATE (17248) CA Top Secret for z/os Version 16.0 PURPOSE Load modules into memory USERS All AFFECTED KNOWLEDGE SMP/E REQUIRED Console Commands ACCESS SMP/E REQUIRED Console Commands Refresh LLA and restart TSS with a REINIT

12 CA Top Secret Security for z/os CA RS PTF RO97809 RO97809 RO97809 M.C.S. ENTRIES = ++PTF (RO97809) S878 ISSUING CIARTUPD,STATUS COMMANDS PROBLEM DESCRIPTION: Issuing CIA real-time status commands can cause a DEADMAIN of buffers in below the line memory, subpool 0 key 8. The problem can occur when issuing numerous STATUS commands over time. The CIARTUPD address space ABENDS with S in module CIARTSTS. CIA real-time events will no longer be sent. Do not issue CIA STATUS commands numerous times. If the region ABENDS the CIARTUPD address space can be restarted. TSSMVS Release 16.0 TSSMVS 9475 Copyright (C) 2017 CA. All rights reserved. R00334-TSS160-SP1 DESC(S878 ISSUING CIARTUPD,STATUS COMMANDS FMID () SUP ( TR97809 ) ++HOLD (RO97809) SYSTEM FMID() REASON (DYNACT ) DATE (17248) CA Top Secret for z/os Version 16.0 PURPOSE Load module into LLA and activate USERS All AFFECTED KNOWLEDGE 1. Console commands REQUIRED 2. Top Secret administration ACCESS 1. Console authority REQUIRED 2. TSS administrative authority SMP APPLY, LLA REFRESH and a restart CIA REALTIME is required to install this APAR.

13 CA Top Secret Security for z/os CA RS PTF RO97814 RO97814 RO97814 M.C.S. ENTRIES = ++PTF (RO97814) REMOVE DEAD/INVALID UID(0) WHOHAS ENTRIES AUTOMATICALLY PROBLEM DESCRIPTION: The security file may contain invalid WHOHAS entries for UID(0) if acids that had UID(0) were deleted. TSS maintenance has corrected the problem but the dead/invalid entries remain in the file. TSS WHOHAS UID(0) displays acids that do not have UID(0) Incorrect output None CA Top Secret for z/os Release 16.0 TSSMVS 9967 Copyright (C) 2017 CA. All rights reserved. R00335-TSS160-SP1 DESC(REMOVE DEAD/INVALID UID(0) WHOHAS ENTRIES AUTOMATICALLY FMID () PRE ( RO84794 RO89361 RO92696 RO95454 RO96977 ) SUP ( TR97068 TR97814 ) ++HOLD (RO97814) SYSTEM FMID() REASON (DYNACT ) DATE (17248) CA Top Secret for z/os Version 16.0 PURPOSE Load modules in memory USERS All administrators issuing TSS WHOHAS UID(0) commands AFFECTED KNOWLEDGE Console commands REQUIRED CA Top Secret Administration ACCESS Console authority REQUIRED CA Top Secret Administration Authority LLA REFRESH and a restart of TSS

14 CA Top Secret Security for z/os CA RS PTF RO97832 RO97832 RO97832 M.C.S. ENTRIES = ++PTF (RO97832) The following items are included in this solution: 1. FAIL AN ADD COMMAND WHEN PROFILE() IS ENTERED 2. TSSCFBK MAY ABEND/HANG IF CPF OR LDS IS ACTIVE ========================================================================== FAIL AN ADD COMMAND WHEN PROFILE() IS ENTERED PROBLEM DESCRIPTION: When adding a profile to a user, if the ADD command contains PROFILE() and contains the UNTIL or FOR keyword (for expiring the profile at a future date), the expiration criteria are instead added to the user. None, the command executes successfully even though the intent was to expire the profile in the future and not the user. If you list the user you should see the expiration date on the user. A user is suspended incorrectly and must be reset. Enter valid data when specifying PROFILE(xxxxxx CA Top Secret for z/os Release 15.0 CA Top Secret for z/os Version 16.0 TSSMVS 9981 ========================================================================== TSSCFBK MAY ABEND/HANG IF CPF OR LDS IS ACTIVE PROBLEM DESCRIPTION: The TSSCFBK utility may abend with multiple symptoms (0C1,0C4) or may hang with no response if either the Command Propagation Facility (CPF) or LDAP Directory s (LDS) is active. This happens because(?) the commands entered via TSSCFBK are not eligible for CPF or LDS and should only run in the local address space. Abend 0C1 on branch to low core, abend 0C4 attempting to use unallocated storage, and/or region hang waiting for task to be posted. The abends and/or hang will prevent the utility from operating properly. Use the regular TSSCFILE utility or add TARGET(=) on commands to make sure they only execute locally. CA Top Secret for z/os Version 16.0 TSSMVS 9982 Copyright (C) 2017 CA. All rights reserved. R00336-TSS160-SP1 DESC(FAIL AN ADD COMMAND WHEN PROFILE() IS ENTERED FMID () PRE ( RO82138 RO82305 RO84794 RO86945 RO92696 RO94913 RO95428 RO95454 RO96977 RO97114 ) SUP ( AR96977 RO91002 RO92619 RO92967 RO93757 RO94101 RO95291 RO96103 RO97041 TR91002 TR92609 TR92619 TR92967 TR93757 TR94101 TR95109 TR95291 TR96103 TR97041 TR97832 ) ++HOLD (RO97832) SYSTEM FMID() REASON (DYNACT ) DATE (17250) CA Top Secret for z/os Version 16.0

15 CA Top Secret Security for z/os CA RS PTF RO97832 PURPOSE Activate without an IPL USERS All AFFECTED KNOWLEDGE 1. Console commands REQUIRED 2. Top Secret administration ACCESS 1. Console authority REQUIRED 2. TSS administrative authority SMP APPLY, LLA REFRESH and restart CA Top Secret with TSS,,,REINIT

16 CA Top Secret Security for z/os CA RS PTF RO97892 RO97892 RO97892 M.C.S. ENTRIES = ++PTF (RO97892) SUPPORT DFSMS DATA SET ENCRYPTION Enhancement Description: z/os DFSMS is providing a simple approach to enable extensive encryption of data at rest for data on disk through DFSMS access methods. Security and Storage Administrators who are required to protect customer data can leverage the z Systems hardware encryption for data at rest through existing policy management without application changes. This is a PRODUCT ENHANCEMENT Allows encryption of certain types of datasets on 3390 DASD. None CA Top Secret for z/os Release 16.0 TSSMVS 9937 Copyright (C) 2017 CA. All rights reserved. R00338-TSS160-SP1 DESC(SUPPORT DFSMS DATA SET ENCRYPTION FMID () PRE ( RO82138 RO83104 RO84794 RO86945 RO87918 RO88415 RO89334 RO89361 RO91447 RO91603 RO92696 RO92771 RO92854 RO95026 RO95454 RO95793 RO96857 RO96977 ) SUP ( AR87918 AR89334 AR90069 AR93059 AR94686 AR96977 BR92696 RO79659 RO81160 RO81855 RO82305 RO85956 RO87515 RO87875 RO87883 RO88473 RO88651 RO89203 RO89888 RO90069 RO90165 RO90186 RO90317 RO90626 RO91002 RO91469 RO91707 RO92584 RO92619 RO92967 RO93059 RO93171 RO93757 RO94101 RO94686 RO94913 RO95244 RO95291 RO95428 RO95857 RO96103 RO96542 RO96998 RO97041 RO97114 RO97317 RO97567 RO97746 RO97814 RO97832 TR79659 TR81160 TR81855 TR82305 TR85956 TR86962 TR87515 TR87875 TR87883 TR87890 TR87917 TR88473 TR88651 TR88994 TR89004 TR89180 TR89203 TR89665 TR89833 TR89888 TR89997 TR90069 TR90165 TR90186 TR90317 TR90626 TR91002 TR91469 TR91707 TR92584 TR92609 TR92619 TR92967 TR93059 TR93171 TR93757 TR94101 TR94686 TR94779 TR94913 TR95109 TR95191 TR95244 TR95291 TR95428 TR95857 TR96103 TR96542 TR96675 TR96763 TR96998 TR97041 TR97068 TR97114 TR97150 TR97317 TR97548 TR97556 TR97567 TR97576 TR97746 TR97814 TR97832 TR97892 ) ++HOLD (RO97892) SYSTEM FMID() REASON (DYNACT ) DATE (17271) CA Top Secret for z/os Version 16.0 PURPOSE Support DFSMS dataset encryption USERS All AFFECTED KNOWLEDGE 1- SMP/E 2- z/os Systems Programming REQUIRED 3- Security Administration ACCESS SMP/E CSI libraries REQUIRED

17 CA Top Secret Security for z/os CA RS PTF RO97892 Refresh LLA. Refresh SAF with F TSS,REFRESH(SAF Restart TSS with REINIT.

18 CA Top Secret Security for z/os CA RS PTF RO97899 RO97899 RO97899 M.C.S. ENTRIES = ++PTF (RO97899) The following items are included in this solution: 1. STORAGE LEAK WITH SUPPLEMENTAL GROUPS 2. S0C4 ABENDS IN TSSKERNL AT OFFSET ========================================================================== STORAGE LEAK WITH SUPPLEMENTAL GROUPS PROBLEM DESCRIPTION: A storage leak occurs when users with Supplemental groups sign on to OMVS occurs when users signon to OMVS. Storage consumption slowly increases until there is a storage shortage. Application abends might be caused by the storage problems. N/A CA Top Secret for z/os Version 16.0 TSSMVS 9983 ========================================================================== S0C4 ABENDS IN TSSKERNL AT OFFSET PROBLEM DESCRIPTION: An S0C4 abend occurs in TSSKERNL at offset if a RACROUTE FASTAUTH security check includes an ENVROBJ and targets a currently suspended ACID TSS9999E CA-TSS SECURITY SVC ABEND S0C4 IN TSSKERNL TSS9999E ABENDING JOB=jobname ACID=acidid FUNCTION=F The current tasks is abended and a dump is produced, but the product continues to function. Use the ACID identifier to find the user suspension and remove it. CA Top Secret for z/os Version 16.0 TSSMVS 9988 Copyright (C) 2017 CA. All rights reserved. R00339-TSS160-SP1 DESC(STORAGE LEAK WITH SUPPLEMENTAL GROUPS FMID () PRE ( RO83104 RO84794 RO86945 RO88603 RO88796 RO89334 RO92696 RO92771 RO94971 RO95793 RO96696 RO96857 ) SUP ( AR88603 BR88603 RO89210 RO89889 RO90784 RO94168 RO95692 RO97390 TR89210 TR89691 TR89889 TR90753 TR90784 TR94168 TR95692 TR97390 TR97899 TR98062 ) ++HOLD (RO97899) SYSTEM FMID() REASON (DYNACT ) DATE (17264) CA Top Secret for z/os Version 16.0 PURPOSE Activate without an IPL USERS ALL AFFECTED KNOWLEDGE SMP/E REQUIRED z/os Operator Commands

19 CA Top Secret Security for z/os CA RS PTF RO97899 ACCESS SMP/E CSI libraries REQUIRED z/os Operator Commands Refresh LLA and restart TSS with a REINIT.

20 CA Top Secret Security for z/os CA RS PTF RO98051 RO98051 RO98051 M.C.S. ENTRIES = ++PTF (RO98051) ENHANCE ADMIN SECURITY FOR MULTI-FACTOR AUTHENTICATION ENHANCEMENT DESCRIPTION: To administer multi-factor authentication factors to users, an SCA administrator must now have ACID(MAINTAIN) and UPDATE access to entity TSSCMD.ADMIN.factor in the CASECAUT resource class, where factor represents the appropriate authentication type (CARSA, IBMRSA, or CAPAM Any SCA that administers the factors now requires ACID(MAINTAIN), and the CASECAUT permission. Example: TSS PERMIT(scaadm1) CASECAUT(TSSCMD.ADMIN.CARSA) ACCESS(UPDATE) None CA Top Secret for z/os Version 16.0 TSSMVS 9985 Copyright (C) 2017 CA. All rights reserved. R00342-TSS160-SP1 DESC(ENHANCE ADMIN SECURITY FOR MULTI-FACTOR AUTHENTICATION FMID () PRE ( RO82138 RO84794 RO86945 RO92696 RO92854 RO94913 RO95454 RO96977 RO97114 RO97832 RO97892 ) SUP ( AR96977 RO81855 RO82305 RO91002 RO92619 RO92967 RO93757 RO94101 RO95291 RO95428 RO96103 RO97041 TR81855 TR82305 TR91002 TR92609 TR92619 TR92967 TR93757 TR94101 TR94779 TR95109 TR95291 TR95428 TR96103 TR97041 TR98051 ) ++HOLD (RO98051) SYSTEM FMID() REASON (DYNACT ) DATE (17271) CA Top Secret for z/os Version 16.0 PURPOSE New CASECAUT Authority for Restricting MFA factor Administration. USERS All MFA users. AFFECTED KNOWLEDGE 1- SMP/E 2- z/os Systems Programming REQUIRED 3- Security Administration ACCESS SMP/E CSI libraries REQUIRED LLA Refresh and REINIT of TSS

21 CA Top Secret Security for z/os CA RS PTF RO98232 RO98232 RO98232 M.C.S. ENTRIES = ++PTF (RO98232) INCREASE MAX SECCACHE SIZE ENHANCEMENT DESCRIPTION: This enhancement is a continuation of the SECCACHE relief efforts of fixes RO95752, RO95692, and RO CA Top Secret's SECCACHE currently cannot hold more than 2GB of ACID information. Sites with a large security database may require more than 2GB to get all necessary ACIDs into the cache. After the enhancement, CA Top Secret's SECCACHE can utilize up to 10GB of space. If the SECCACHE becomes full, the NOSPACE statistic starts increasing, and additional entries are add only as existing cache entries are cleaned up per defined settings. A site that fills their SECCACHE might see excessive ENQ contentions against their SECCACHE as more users are trying to be added. Some performance impact may occur if a large volume of high-use ACIDs are not added to the cache. If you are unable to IPL, apply fixes RO95752, RO95692, and RO These should help alleviate contention problems when SECCACHE is full. The CA Top Secret SECCACHE cannot be increased beyond 2GB without this enhancement. To address performance issues, consider the "last used" expiration interval for the ACIDs in the cache. Try to use a value that preserves the most frequently used ACIDs in the cache and removes those less used. CA Top Secret for z/os Version 16.0 TSSMVS 9961 Copyright (C) 2017 CA. All rights reserved. R00350-TSS160-SP1 DESC(INCREASE MAX SECCACHE SIZE FMID () PRE ( RO80995 RO82138 RO83157 RO83426 RO84470 RO84794 RO86945 RO87918 RO88415 RO88932 RO89334 RO90627 RO92696 RO92808 RO93298 RO95026 RO95454 RO96977 ) SUP ( RO80127 RO85843 RO85987 RO89682 RO95424 RO95752 RO96225 TR78447 TR78858 TR78860 TR78877 TR78879 TR80127 TR84431 TR85843 TR85970 TR85973 TR85987 TR89682 TR95424 TR95581 TR95752 TR96211 TR96225 TR97137 TR98232 ) ++HOLD (RO98232) SYSTEM FMID() REASON (IPL ) DATE (17271) CA Top Secret for z/os Version 16.0 PURPOSE After applying and IPL'ing, users can then utilize the larger size limits of CA Top Secret SECCACHE utility. USERS All users. AFFECTED KNOWLEDGE SMP/e, z/os Systems Programming, Security Administration REQUIRED ACCESS Product libraries, TSS MODIFY commands

22 CA Top Secret Security for z/os CA RS PTF RO98232 REQUIRED 1. After apply, you MUST IPL the system in order to use the new SECCACHE capabilities. 2. After IPL, you can then specify a larger SECCACHE size: For example: TSS MODIFY SECCACHE(SIZE=10240) which allocates a new SECCACHE at 10GB and uses the defaults for all other parameters. See the documentation on CA DocOps for more details.

23 CA Top Secret Security for z/os CA RS 1710 Product/Component Listing Product Family Product Release Security CA TOP SECRET FOR Z/OS The CA RS 1710 Product/Component Count for this release is 1

24 CA Top Secret Security for z/os All CA RS Levels List CA RS Level FMID CAR1710 RO98232 RO98051 RO97899 RO97892 RO97832 RO97814 RO97809 RO97746 RO97567 RO97504 RO97390 RO97372 RO97371 RO91062 CAKOG02 CAKOG01 CAR1709 RO97317 RO97257 RO97114 RO97009 CAR1708 RO97041 RO96998 RO96977 RO96857 RO96670 RO96542 RO96225 RO96135 RO95752 RO94449 RO94015 RO91735 RO91733 CAKOG01 CAKOG01 CAR1707 RO96696 RO96321 RO96125 RO96103 RO96081 CAR1706 RO96001 RO95981 RO95938 RO95857 RO95818 RO95793 RO95454 RO95428 RO95424 RO92920 CAR1705 RO95692 RO95291 RO95244 RO95201 RO95061 RO88301 CAR1704 RO95026 RO94971 RO94913

25 CA Top Secret Security for z/os All CA RS Levels List CA RS Level FMID RO94909 RO94718 RO94686 RO94168 RO93932 CAR1703 RO94517 RO94383 RO94298 RO94101 RO93840 CAR1702 RO93979 RO93757 RO93744 RO93398 CAR1701 RO93171 RO92888 RO92584 CAR1612 RO93298 RO93059 RO92967 RO92772 RO92771 RO92742 RO92581 RO92412 RO92198 RO92092 RO92039 CAKOG01 CAKOG01 CAR1611 RO92854 RO92811 RO92809 RO92808 RO92696 RO92675 RO92619 RO92560 RO92502 RO91873 RO91186 RO88880 CAR1610 RO91454 RO91447 CAR1609 RO91707 RO91702 RO91603 RO91469 RO91248 RO91172 RO90979 RO90633 CAKOG01 CAR1608 RO91002 RO90784 RO90627 RO90626 RO90186

26 CA Top Secret Security for z/os All CA RS Levels List CA RS Level FMID RO89750 RO88433 RO86556 CAKOG01 CAR1607 RO90358 RO90317 RO90165 RO89936 RO89828 CAR1606 RO90184 CAKOG01 RO90069 RO89965 RO89889 RO89888 RO89682 RO89668 RO89233 CAR1605 RO89361 RO89334 RO89210 RO89203 CAR1604 RO88969 CAKOG02 RO88968 RO88932 RO88848 RO88796 RO88651 RO88603 RO88551 RO88473 RO88415 RO87918 RO87883 RO87515 CAR1603 RO88130 RO87961 RO87881 RO87875 RO87826 CAKOG01 CAR1602 RO87827 RO87738 RO87735 RO86945 RO86559 RO86552 RO86294 RO85890