$TXT Created by FORT,WALLY at NXT.KERNEL.FO-OAKLAND.MED.VA.GOV (KIDS) on Wednesday, 09/06/06 at 09:03 ============================================================================= Run Date: SEP 21, 2006 Designation: XU*8*419 Package : XU - KERNEL Priority: Mandatory Version : 8 SEQ #348 Status: Released Compliance Date: OCT 22, 2006 ============================================================================= Associated patches: (v)XU*8*225 <<= must be installed BEFORE `XU*8*419' (v)XU*8*275 <<= must be installed BEFORE `XU*8*419' (v)XU*8*289 <<= must be installed BEFORE `XU*8*419' (v)XU*8*351 <<= must be installed BEFORE `XU*8*419' (v)XU*8*395 <<= must be installed BEFORE `XU*8*419' Subject: C&A Remediation by pre-expiring new verify code Category: - Routine - Data Dictionary - Input Template Description: ============ Patch Tracking #: 43496521 Test Sites: HEARTLAND-WEST HCS, Salisbury VAMC, OKLAHOMA CITY, OK Blood Bank Clearance: 8/18/2006 IT Service Request ID: 20060309 Request Date: 3/24/2006 Request Name: C&A Remediation for strong Verify Codes During the C&A review of VistA the current practice of leaving the VERIFY CODE blank until the user signed on the first time was found to not comply with VA DIRECTIVE 6504. This patch will bring VistA into compliance. A strong Verify Code will need to be assigned when setting up a user, This Verify Code will be expired and will have to be changed the first time the user logs on. The Access Agreement letters come from the HELP FRAME file (#9.2), "Batch user access document" [XUSER COMPUTER ACCOUNT]. This has been modified to report the Verify Code for the "Grant Access by Profile" [XUSERBLK] option. It is passed to the form in the variable XUU2. After the install the site will need to check that the local edits are put back in. If you use an alternative HELP FRAME you will need to update it to report the Verify Code. For more information, please refer to the "Security Forms" topic under the "Adding New Users" topic in the "Signon/Security: Systems Management" chapter in the Kernel Systems Manual located at: http://www.va.gov/vdl/Infrastructure.asp?appID=10. A new field has been added to the KERNEL SYSTEM PARAMETERS (#8989.3). The field AUTO-GENERATE VERIFY CODES (#11.2) is used to automatically select a strong verify code. If you are editing your own record this is skipped. Use the "Enter/Edit Kernel Site Parameters" [XUSITEPARM] option to edit. 8989.3,11.2 AUTO-GENERATE VERIFY CODES 3;3 SET 'n' FOR No; 'y' FOR Yes; LAST EDITED: AUG 17, 2006 DESCRIPTION: During the C&A review of VistA the current practice of leaving the VERIFY CODE blank until the user signed on the first time was found to not comply with VA DIRECTIVE 6504. This field will be used when someone other that the user goes to enter a verify code. The system will select a strong verify code and tell the operator what the new code is. Also in this patch is a change to allow the CBO to use the CAPRI broker to connect to a site and then use a Telnet session to finish there work. This was patch XU*8*403 but was folded into this patch so it would not delay this patch. This can only be tested by sites working with CAPRI and the CBO. During a code review a bug was found in the ZU routine if a second error occurred during an error trap. ========================================================================= Installation: >>>Allow KIDS to inhibit new sign-ons. >>>TaskMan does *not* need to be stopped. 1. Use the 'INSTALL/CHECK MESSAGE' option on the PackMan menu. This option will load the KIDS package onto your system. 2. Print out a copy of your ACCESS AGREEMENT Letter. It is in the HELP FRAME file as XUSER COMPUTER ACCOUNT. 3. The patch has now been loaded into a Transport global on your system. You now need to use KIDS to install the Transport global. On the KIDS menu, under the 'Installation' menu, use the following options: Verify Checksums in Transport Global Print Transport Global Compare Transport Global to Current System Backup a Transport Global 4. This patch can not be queued. Inhibit users from login into the system. TaskMan can remain running. 5. Installation will take less than 2 minutes. On the KIDS menu, under the 'Installation' menu, use the following option: Install Package(s) 'XU*8.0*419' ========== Want KIDS to Rebuild Menu Trees Upon Completion of Install? YES// NO Want KIDS to INHIBIT LOGONs during the install? YES// YES Want to DISABLE Scheduled Options, Menu Options, and Protocols? YES// NO 6. Use the XQHELP-DISP option to edit the XUSER COMPUTER ACCOUNT to fix the Access Agreement Letter that was overwritten. 7. Use the "Enter/Edit Kernel Site Parameters" [XUSITEPARM] option to edit AUTO-GENERATE VERIFY CODES field. ========================================================================= Routine Summary Checksums shown are OLD Checksums The following routines are included in this patch. The second line of each of these routines now looks like: ;;8.0;KERNEL;**[Patch List]**;Jul 10, 1995 Checksums Routine Before After Patch List XUS 7925148 8165171 **16,26,49,59,149,180,265,337,419** XUS1 9733299 9761196 **9,59,111,165,150,252,265,419** XUS2 14988271 15597780 **59,180,313,419** XUS3 5016793 5046650 **32,149,265,419** XUSERBLK 12007513 12465964 **20,214,230,289,419** XUSERNEW 7818966 8785128 **16,49,134,208,157,313,351,419** XUSRB4 3500480 3739011 **150,337,395,419** XUSTZIP 5551747 5559909 **265,419** ZUGTM 3295134 2719725 **275,419** ZUONT 2065413 1944407 **34,94,118,162,170,225,419** List of preceding patches: 225, 275, 289, 351, 395 Sites should use CHECK^XTSUMBLD to verify checksums. Routine Information: ==================== The checksums below are new checksums, and can be checked with CHECK1^XTSUMBLD. Routine Name: XUS Before: B29056184 After: B30134409 **16,26,49,59,149,180,265,337,419** Routine Name: XUS1 Before: B25051927 After: B25338963 **9,59,111,165,150,252,265,419** Routine Name: XUS2 Before: B39049783 After: B47237337 **59,180,313,419** Routine Name: XUS3 Before: B18656920 After: B18943733 **32,149,265,419** Routine Name: XUSERBLK Before: B35647610 After: B39902231 **20,214,230,289,419** Routine Name: XUSERNEW Before: B19489672 After: B21302863 **16,49,134,208,157,313,351,419** Routine Name: XUSRB4 Before: B10928715 After: B11538181 **150,337,395,419** Routine Name: XUSTZIP Before: B25477365 After: B25405099 **265,419** Routine Name: ZUGTM Before: B10091845 After: B7793985 **275,419** Routine Name: ZUONT Before: B3721758 After: B4589154 **34,94,118,162,170,225,419** ============================================================================= User Information: Entered By : FORT,WALLY Date Entered : MAY 10, 2006 Completed By: SINGH,GURBIR Date Completed: SEP 14, 2006 Released By : TILLIS,LEWIS Date Released : SEP 21, 2006 ============================================================================= Packman Mail Message: ===================== $END TXT