Changes to System Values:
- The score for a zero value of QRETSVRSEC is changed from 0 to 30. Recommended value is now 1.
- The score for QPWDRQDDIF has been corrected. A value of 1 is the best, 8 is not good and zero continues to be the worst.
- A change to the score of QPWDMINLEN. Raz-Lee recommends the number 6 so any number above 5 gets a 100.
- Added a new ‘Disconnect’ button that appears at the bottom left of the window when the application is connected to a remote system. Assessment can now run against multiple systems without restarting the application.
- QRETSVRSEC – adopt IBM recommendation for a value of #1
- QMAXSGNACN – disabling the user profile only (value of #2) gets increased score
- QALWOBJRST – bug fix for the score of *ALWPTF which showed a number instead of stars
- QPWDRQDDIF – improved score calculation
- QPWDLVL – added description and risk texts
- Registration Facility Exit Points Protection – Change User Profile and Create User Profile: If QSYS/QGLDPUEXIT is the only exit program detected, it is rated with 0 stars. This program is not relevant to security
- 3.7 *NOQTEMP – If this is Off this means that operations in QTEMP are audited. This is better than if they are not audited. So Off should result in five stars, On in zero stars.
- 3.11 Users with command line access – improved rating based on the total number of users
- Version of Assessment is printed in the report
- New default iSecurity logo and SEA logo.
- Wording update for SEA and default mainly for the ‘About’ sections.
- If the report is interrupted while being generated, the report output directory is deleted to avoid listing it.
- Bug Fix to ‘Analyze libraries with *PUBLIC authority’ – the count field was using floating point numbers.
- “User Class” section is now information only and does not take part in scoring.
- The year of the certificate is updated to 2019
- Revamped design
Bug Fix – the product crushed while generating report and where the Anti‐Virus module was not installed.
Preferences (Settings) screen – removed settings regarding number of users.
- New look & feel for the reports.
- This release runs on latest Java8.
NOTE: It is important to use this version with latest Java™ release.
- Removed mail sending function since there were many issues with it and it got even worse with newer Java™ releases.
- Added settings UI for different aspects of the report that are due to the number of users.
- Analyzing Libraries with
This is optional upon settings as there is a potential for long running operation.
- Added support for
*NOQTEMP(Auditing of Objects in QTEMP) in section #3.7.
- Bug fix for querying
- The special exit program
GSCCASQ@Rfor exit point ‘
Database Server – SQL
access & Showcase‘ is now recognized by Assessment as a part of iSecurity™.