Article ID: 145447
In reviewing TSS documentation we found that "JES(NOVERIFY)" is not recommended. Recommend avoiding the use of NOVERIFY,"
Since currently have JES(NOVERIFY) specified, what is the replacement parameter should be use to enhance security?
Release : 16.0
Component : Top Secret for z/OS
NOVERIFY causes TSS to insert the password in the user= parm on the jobcard.
VERIFY-Indicates Top Secret verifies USER and PASSWORD parameters
implicitly without inserting these parameters into the JOB JCL statement.
When Top Secret 16.0 went GA, JES(NOVERIFY) was no longer supported, however, this introduced an issue for some sites that use JES2 exits.
To alleviate this and other issues, the following Top Secret PTFs were written:
RO88932 - Restores JES(NOVERIFY) processing to insert the USER= parameter on all jobs submitted. (NOTE: The PASSWORD= parameter is not inserted.)
SO04024, SO04627, and SO05230 - Add support for IBM maintenance OA53954/OA53955.
SO04936 - Add support for JES_NJE_SECURITY OA49171 NODE CHECKING.
So now JES(NOVERIFY) is supported, but Top Secret will only insert the USER= parameter, NOT the PASSWORD= parameter, on the jobcard.
The submitting ACID will always checked by Top Secret.