Verification that SPECTRE and MELTDOWN vulnerabilities are mitigated by z/os

Verification that SPECTRE and MELTDOWN vulnerabilities are mitigated by z/os

Check QIFAMVFF verifies that parameter OSPROTECT= 1 in member IEASYSxx of the parmlib concatenation. 

Specifying the number 1 activates mitigation mode 1, intended to help prevent unauthorized programs and users from being able to indirectly read restricted data. Mitigation mode 1 also includes the default mitigation mode (see SYSTEM). Mitigation mode 1 may have a minor impact to system performance and/or workload execution.

Define the check to IronSphere by adding the following to member QIFCHKxx of SQIFPARM dataset:

   {                                                          
       "NAME":"QIAAMVFF",                                     
       "CKNAME":"MVA_AMV_0FF_00",                             
       "ESM":"ACF2",                                          
       "PARM":" ",                                            
       "STRTHH":"06",                                         
       "STRTMM":"00",                                         
       "INTERVAL":"12",                                       
       "STATUS":"ACTIVE",                                     
       "TITLE":"OSPROTECT=1 is not specified in the IEASYSxx  
                member(s) in the currently active parmlib     
                data set(s).                                  
                "                                             
       },