If you do a cross zone query against the SYSMOD name of the FMID (e.g. HRF77B0), then select the GLOBAL zone, then "L" for HOLDDATA, you will see all the SECINT class holds if they are there. If they've also received the SECINT assign statements, there will also be SYSMODs with a SOURCEID of SECINT. Regards
-----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Itschak Mugzach Sent: 18 January 2023 20:00 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How to determine if Enhanced HOLDDATA received? Kurt, As one the do not run apply check, how can I determine if such holddata was receive or not? I believe that second holddata is relatively rare so if one receives holddata, how can we determine the source for it? I respect the decision who can access the data, but I need to understand if the client received such holddata or not during security assessment ITschk בתאריך יום ד׳, 18 בינו׳ 2023 ב-21:34 מאת Kurt J. Quackenbush < ku...@us.ibm.com>: > HOLDDATA with CLASS(SECINT) is only available on the IBM Z Security Portal. > > Who can and cannot obtain access to the IBM Z Security Portal is > documented in this FAQ: https://ibm.biz/security-portal-faq. > > In short, from the FAQ, "the Security Portal is for IBM clients that > have a licensed IBM Z or LinuxONE mainframe. It is not intended for > users of emulators, such as zPDT, zRD&T, etc. using the z/OS ADCD or z/VM > ADCD." > So, a vendor that also has a license can obtain access. No license? > No access. And I am only a messenger on this topic. > > Kurt Quackenbush > IBM | z/OS SMP/E and z/OSMF Software Management | ku...@us.ibm.com > > Chuck Norris never uses CHECK when he applies PTFs. > > >> Do you have access to security portal? the information I am looking > >> for are only available there. I was told by IBM that as a vendor, I > >> can't get access to it. See below for details about the cvss info: > >> The HOLDDATA available from the IBM Z and LinuxONE Security Portal > >> adds a new HOLD CLASS, SECINT, and the HOLD SYMPTOMS contains the > >> CVSS Base and Temporal scores. > > > I am surprised to hear IBM would take a position like that. It seems > almost inconceivable that large vendors like BMC and Broadcom are > locked out of the Secure Portal. > > > My experience has been that an individual working for an IBM Z > > customer, > with a manager or CISO that will vouch for them, can get access. > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
