Order Number: LJKS-REF-T030 This software is intended to assist in security assessment of VMS systems. It is not a substitute for a trained professional conducting periodic security assessments, but rather is intended to aid and assist that individual in performing the assessments on a more frequent and thorough basis than would otherwise be possible.

Information generated by this software should be treated on a confidential basis, since it constitutes a list of security vulnerabilities of your computer systems.

Revision/Update Information: Supercedes LJKS-REF-V029

Operating System and Version: VAX/VMS Version 4.2 or higher
MicroVMS Version 4.2 or higher
OpenVMS AXP Version 1.0 or higher

Software Version: LJK/Security T3.0

Copyright ©1988-2008 by LJK Software, 233 Needham Street, Suite 300, Newton, MA 02464-1502

The following are trademarks of LJK Software:

• LJK/Security
• the LJK/Security logo

The following are trademarks of Hewlett Packard:

• AXP
• DEC
• DECnet
• DECwindows
• DEC/Shell
• DEC/Test Manager
• MicroVAX
• P.S.I.
• SEVMS
• VAX
• VAXstation
• VAXcluster
• VMS
• VMS Encryption
• VMScluster

The following is a trademarks of Process Software:

• Multinet

Contents

Index

If you are a first-time reader interested in making productive use of the software as soon as possible, you should concentrate on the Overview Part.

Document Structure

This manual describes LJK/Security software and how it can be used in assessing security of VMS systems.

Overview Part

• Chapter 1, Introduction, describes the overall operational concepts of LJK/Security and gives a tutorial-order explanation of various terms (denoted in boldface throughout this manual) that have specialized meanings within the context of LJK/Security.
• Chapter 2, Installing LJK/Security, describes those steps which must be taken by the VMS system manager to get LJK/Security up and running in your environment..

User Interfaces Part

• Chapter 3, Window Interface describes how to control LJK/Security using the DECwindows graphic user interface.
• Chapter 4, Menu Interface, describes how to control LJK/Security using a character cell display terminal.
• Chapter 5, Command Interface, lists the commands available for traditional DCL-style control of LJK/Security.

Tests Part

• Chapter 6,LJK/Security Tests, lists each of the tests that can be performed by LJK/Security.

Site-Specific Customization Part

• Chapter 7, Policy Modification, discusses the uses of policy modification.
• Chapter 8, Assessment Modification, discusses the uses of assessment modification.
• Chapter 9, Using Program Call Interfaces, describes how to access LJK/Security from programs you have written in VMS programming languages.
• Chapter 10, Using LJK/Security With Removable Media, describes the differences involved in using magnetic tape or removable disks rather than DECnet for communication between the master node and tributary nodes.
• Chapter 11, Tips for Special Situations, contains hints on how to use LJK/Security in certain specific settings.

Appendices

• Appendix A, Master Node Installation, shows a sample installation of LJK/Security on a master node.
• Appendix B, Tributary Node Installation, shows a sample installation of LJK/Security on a tributary node.
• Appendix C, Moving the Software, tells how to move the software to a different node.
• Appendix D, Demonstration, describes an LJK/Security demonstration license offered at certain Trade Shows.
• Appendix E, Other VMS Security Considerations, lists VMS security considerations not amenable to generalized automated processing by products such as lreference PRODUCTLJK/Security.
• Appendix F, Files Created by LJK/Security, lists the files created by LJK/Security installation and operation.
• Appendix G, Bug Reports, tells how to report problems to LJK Software.
• Appendix H, Hints and Kinks, gives information not of general interest, such as discussion of internal operation of LJK/Security .
• Appendix I, Use of Privilege by LJK/Security, lists the use of privilege by LJK/Security.
• Appendix J, Security of LJK/Security, describes steps taken to ensure the security of LJK/Sec urity itself.
• Appendix K, Creating Policies Based on Examples, explains the example policies provided by LJK/Security for published requirement lists such as NIST Special Publication 800-53.
• Appendix L, FISMA Security Assessments with LJK/Security, offers guidance for use of LJK/Security by those complying with the US Federal Information Security Management Act (FISMA).
• Appendix M, DoD Instruction 8500.2 Vulnerability Assessments, tells how to use LJK/Security to comply with US Department of Defense Instruction 8500.2 published February 6, 2003.
• Appendix N, Sending LJK/Security Data Directly over TCP/IP, tells how to send LJK/Security requests and results directly over TC P/IP in environments which do not have DECnet installed.
• Glossary gives an alphabetical-order explanation of various terms (denoted in boldface throughout this manual) that have specialized meanings within the context of LJK/Security.

Intended Audience

This manual is for use by those responsible for conducting security assessments of VMS systems using the LJK/Security software.

It is possible to use the manual and run the software without an in-depth knowledge of VMS, but when potential problems are detected, resolution will often require considerable VMS expertise on the part of the LJK/Security user, or consultation with someone else (perhaps in a system management position) who has that expertise.

LJK Software provides telephone support regarding operation of the LJK/Security software and in many cases can offer alternative methods of addressing security problems you detect. But there is often a point where security goals conflict with other goals at your site in such a fashion that considerable system management or system programming effort is required to alleviate the security weakness without unduly burdening ongoing operations. In that situation, you will need local experts with those skills.

Associated Documents

Depending upon the VMS version(s) being run, the user should be familiar with the appropriate VMS security manuals:

• Guide to VAX/VMS System Security, DEC AA-Y510A-TE (VMS V4.0)
• Guide to VAX/VMS System Security, DEC AA-Y510A-T1 (update for VMS V4.2)
• Guide to VMS System Security, DEC AA-LA40A-TE (VMS V5.0)
• Guide to VMS System Security, DEC AA-LA40B-TE (VMS V5.2)
• OpenVMS AXP Guide to System Security, DEC AA-PV5SA-TE (V1.5)
• OpenVMS VAX Guide to System Security, DEC AA-PV5RA-TE (V6.0)
• OpenVMS Guide to System Security, DEC AA-Q2HLA-TE (V6.1)
• OpenVMS Guide to System Security, DEC AA-Q2HLB-TE (V6.2)
• OpenVMS Guide to System Security, DEC AA-Q2HLC-TE (V7.1)
• OpenVMS Guide to System Security, Compaq AA-Q2HLD-TE (V7.2)
• OpenVMS Guide to System Security, Compaq AA-Q2HLE-TE (V7.3)
• OpenVMS Guide to System Security, Compaq AA-Q2HLF-TE (V7.3-1)
• OpenVMS Guide to System Security, HP AA-Q2HLG-TE (V7.3-2)

Conventions

Within LJK/Security Reference Manual, boldfaced words within normal text paragraphs have specific meanings outlined in the Glossary.

Throughout this document use of the second person ("you") or the term "user" refers to the intended reader of this manual, an individual who has been given appropriate facility-specific identifiers or is otherwise authorized to use LJK/Security as discussed in Section 5.4.

1. QUICK mode
   With previous versions of LJK/Security it was necessary to modify a policy or to maintain a duplicate policy to switch back and forth between complete assessments and faster assessments that skipped the time-consuming Disk facility.
   Effective with Version 3.0 of LJK/Security, there is a /METHODS=QUICK qualifier available for the command mode RUN and MODIFY ASSESSMENT commands, with corresponding capabilities on the other interfaces. When one selects Quick operations, the assessment will skip the time consuming facilities - the familiar Disk facility and the new Usage facility introduced with Version 3.0 of LJK/Security.
2. Include certain exemption comments with results
   For all constraints within the CHECKPROT element of the DISK facility, comments from policy exemptions will be included in results from assessment of tributaries. This differs from general case where comments from policy limits are used.
3. Additional Selector Family - Operator Message Type
   Operator message types are used as selectors for (AUDIT, ALARM, REPORT) and (AUDIT, ALARM, RESPONSE) tests to specify to which operator message type the test pertains.
   • CENTRAL - general operating system messages
   • PRINTER - printer messages
   • TAPES - tape drive messages
   • DISKS - other device messages
   • DEVICES - other device messages
   • CARDS - card reader messages
   • NETWORK - network messages
   • CLUSTER - cluster messages
   • SECURITY - security messages
   • REPLY - opcom messages
   • SOFTWARE - software messages
   • LICENSE - license manager messages
   • USER1 - Site-specific meaning
   • USER2 - Site-specific meaning
   • USER3 - Site-specific meaning
   • USER4 - Site-specific meaning
   • USER5 - Site-specific meaning
   • USER6 - Site-specific meaning
   • USER7 - Site-specific meaning
   • USER8 - Site-specific meaning
   • USER9 - Site-specific meaning
   • USER10 - Site-specific meaning
   • USER11 - Site-specific meaning
   • USER12 - Site-specific meaning
4. Audit Tests
   New tests are provided:
   • AUDIT, ALARM, REPORT /SELECTOR=operator-message-type
   • AUDIT, ALARM, RESPONSE /SELECTOR=operator-message-type
   • AUDIT, ARCHIVE, ALPROHIBIT
   • AUDIT, ARCHIVE, ALREQUIRE
   • AUDIT, ARCHIVE, AUPROHIBIT
   • AUDIT, ARCHIVE, AUREQUIRE
   • AUDIT, ARCHIVE, FLUSH
   • AUDIT, ARCHIVE, LOCATION
   • AUDIT, LOG, FLUSH
   • AUDIT, LOG, RETENTION
   • AUDIT, LOG, SPACEDAYS
   • AUDIT, LOG, SPACEWARN
5. Disk Tests
   New tests are provided:
   • DISK, AUTOLOCK, DECWINDOWS
   • DISK, BACKUPDATA, ABSOLUTHI
   • DISK, BACKUPDATA, MODIFIEDHI
   • DISK, BACKUPSYS, ABSOLUTHI
   • DISK, BACKUPSYS, MODIFIEDHI
   • DISK, CHECKPROT, ABSENT
   • DISK, CHECKPROT, BACKUPABS
   • DISK, CHECKPROT, BACKUPMOD
   • DISK, CHECKPROT, OWNER
   • DISK, CHECKPROT, PRESENT
   • DISK, CHECKPROT, SUBSYSNO
   • DISK, CHECKPROT, SUBSYSYES
   • DISK, CLUSTER, MINLATENCY
   • DISK, DBMSPROT, NOSYSOWNER
   • DISK, DBMSPROT, SYSOWNER
   • DISK, DIRPROT, NOSYSOWNER
   • DISK, DIRPROT, SYSOWNER
   • DISK, FILEPROT, NOSYSOWNER
   • DISK, FILEPROT, SYSOWNER
   • DISK, HELPPROT, ABSOLUTLO
   • DISK, HELPPROT, ABSOLUTHI
   • DISK, HELPPROT, NOSYSOWNER
   • DISK, HELPPROT, PERCENTLO /SELECTOR=access-type
   • DISK, HELPPROT, PERCENTHI /SELECTOR=access-type
   • DISK, HELPPROT, SYSOWNER
   • DISK, MAILPROT, NOSYSOWNER
   • DISK, MAILPROT, SYSOWNER
   • DISK, NOTESPROT, NOSYSOWNER
   • DISK, NOTESPROT, SYSOWNER
   • DISK, RDBVMSPROT, NOSYSOWNER
   • DISK, RDBVMSPROT, SYSOWNER
   • DISK, SHADOW, DATANO
   • DISK, SHADOW, DATAYES
   • DISK, SHADOW, SYSTEMNO
   • DISK, SHADOW, SYSTEMYES
   • DISK, SUBSYSTEM, NOFILE
   • DISK, SUBSYSTEM, REQUIRED
   • DISK, SUBSYSTEM, PROHIBITED
   • DISK, SYSEXEPROT, NOSYSOWNER
   • DISK, SYSEXEPROT, SYSOWNER
   
   The following new tests ensure that all files required by your organization standards have their checksums tested for integrity.
   • DISK, ALLCOM, CHECKSUM
   • DISK, ALLEXE, CHECKSUM
   • DISK, INSTALLED, CHECKSUM
   • DISK, INSTPRIV, CHECKSUM
   • DISK, INSTPROT, CHECKSUM
   • DISK, SUBSYSTEM, CHECKSUM
   • DISK, SYSCOM, CHECKSUM
   • DISK, SYSEXE, CHECKSUM
6. PROD Tests
   The PROD facility contains tests for product installation on the system.
   • PROD, INSTALLED, PROHIBITED
   • PROD, INSTALLED, REQUIRED
   • PROD, SECURE, REQUIRED (allows TRY)
   • PROD, SECURE, PROHIBITED (allows TRY)
7. Queue Tests
   The QUEUE facility contains tests for batch and print queues on the system.
   • QUEUE, ACLIDENT, NOGENERAL
   • QUEUE, ACLIDENT, NOSYSTEM
   • QUEUE, ACLIDENT, NOUIC
   • QUEUE, CHECKPOINT, BATPROHIB
   • QUEUE, CHECKPOINT, BATREQUIRE
   • QUEUE, CHECKPOINT, PRIPROHIB
   • QUEUE, CHECKPOINT, PRIREQUIRE
   • QUEUE, MANAGER, PROHIBITED
   • QUEUE, MANAGER, REQUIRED
   • QUEUE, OPRMARKING, CONTAINS
   • QUEUE, OPRMARKING, PROHIBITED
   • QUEUE, OPRMARKING, REQUIRED
   • QUEUE, OWNER, WRONG
   • QUEUE, PROTECTION, ABSOLUTLO
   • QUEUE, PROTECTION, ABSOLUTHI
   • QUEUE, PROTECTION, PERCENTLO /SELECTOR=access-type
   • QUEUE, PROTECTION, PERCENTHI /SELECTOR=access-type
   • QUEUE, PROTECTION, NOSYSOWNER
   • QUEUE, PROTECTION, SYSOWNER
   • QUEUE, RETAIN, BATCHJALL
   • QUEUE, RETAIN, BATCHJERR
   • QUEUE, RETAIN, BATCHJTIM
   • QUEUE, RETAIN, BATCHQALL
   • QUEUE, RETAIN, BATCHQERR
   • QUEUE, RETAIN, PRINTJALL
   • QUEUE, RETAIN, PRINTJERR
   • QUEUE, RETAIN, PRINTJTIM
   • QUEUE, RETAIN, PRINTQALL
   • QUEUE, RETAIN, PRINTQERR
   • QUEUE, RETAIN, UNHANDLED
8. UAF Tests
   New tests are provided:
   • UAF, ACCESS, AUDIT /SELECTOR=login-type
   • UAF, ACCESS, PROHIBITED /SELECTOR=login-type
   • UAF, ACCESS, REQUIRED /SELECTOR=login-type
   • UAF, LASTLOGIN, EITHER
   • UAF, OPERATOR, TOOFEW
   • UAF, OWNER, DIGITSPACE
   • UAF, OWNER, MAINTAINED
   • UAF, OWNER, NONPRIVMAX
   • UAF, OWNER, NONPRIVMIN
   • UAF, OWNER, PRIVMAX
   • UAF, OWNER, PRIVMIN
   • UAF, PRIVILEGE, AUTHAUDIT /SELECTOR=privilege-type
   • UAF, PRIVILEGE, DEFAUDIT /SELECTOR=privilege-type
   • UAF, PRIVLEVEL, ACCESSMAX /SELECTOR=login-type
   • UAF, PRIVLEVEL, ACCESSMIN /SELECTOR=login-type
   • UAF, PROXY, PROHIBITED
   • UAF, PWDMIX, REQUIRED
   • UAF, PWDMIX, PROHIBITED
   • UAF, PWDNULL, CAPTIVE
   • UAF, PWDNULL, MUSTAUTO
   • UAF, PWDNULL, MUSTLOCK
9. Additional Selector Family - facilty-or-pseudofacility
   Facilities or pseudofacilities are used as selectors for (USAGE, ASSESSMENT, *) tests to specify which testing is supposed to have been done at the specified interval.
   Pseudo-facilities
   • INVASIVE_TESTING - Non-passive testing was completed
   • INTERVIEW - Interview questions were asked
   • MANUAL_EXAMINATION - Examination not susceptible to automation was done
   • SUBSYSTEM - DISK, SUBSYSTEM, CHECKSUM was tested
   • ALLEXE - DISK, ALLEXE, CHECKSUM was tested
   • ALLCOM - DISK, ALLCOM, CHECKSUM was tested
   • SYSEXE - DISK, SYSEXE, CHECKSUM was tested
   • SYSCOM - DISK, SYSCOM, CHECKSUM was tested
   • INSTPROT - DISK, INSTPROT, CHECKSUM was tested
   • INSTPRIV - DISK, INSTPRIV, CHECKSUM was tested
   • INSTALLED - DISK, INSTALLED, CHECKSUM was tested
   Facilities
   • UAF - User Authorization Database facility was tested
   • VMS - Operating system facility was tested
   • DECNET - Network Software facility was tested
   • DEVICE - Devices facility was tested
   • TERM - Terminals facility was tested
   • DISK - Disk facility was tested
   • ACC - Accounting facility was tested
   • AUDIT - Auditing facility was tested
   • QUEUE - Queues facility was tested
   • USAGE - Usage facility was tested
10. Usage Tests
    The USAGE facility reads Audit log files and tests data about past use of the machine.
    Exemptions for USAGE tests are based on the combination of:
    1. Node name
    2. Absolute or Earliest time
    An exemption based on an Absolute time exempts any detected violation at exactly that time.
    An exemption based on Earliest time exempts any detected violation earlier than that time.
    • USAGE, ASSESSMENT, CLUSTER /SELECTOR=Facility or Pseudo-facility /VALUE=interval
    • USAGE, ASSESSMENT, CONTINUING /SELECTOR=Facility or Pseudo-facility /VALUE=interval
    • USAGE, ASSESSMENT, INITIAL /SELECTOR=Facility or Pseudo-facility /VALUE=interval
    • USAGE, ASSESSMENT, PERIODIC /SELECTOR=Facility or Pseudo-facility /VALUE=interval
    The tests above each take a selector indicating the facility or pseudo-facility about which type of assessment usage is being tested.
    Remaining USAGE tests have no selectors.
    • USAGE, EVADEPWD, DICTIONARY /value=minutes
    • USAGE, EVADEPWD, HISTORY /value=minutes
    • USAGE, EVADEPWD, SELF
    Percentage of operator actions done by those with higher privilege than just OPER, NETMBX, TMPMBX.
    • USAGE, OPERATOR, ACCOUNTING /value=percentage
    • USAGE, OPERATOR, CLUSTER /value=percentage
    • USAGE, OPERATOR, DEVICE /value=percentage
    • USAGE, OPERATOR, LOGIN /value=percentage
    • USAGE, OPERATOR, OPERLOGIN /value=percentage
    • USAGE, OPERATOR, QUEUE /value=percentage
    • USAGE, OPERATOR, TAPE /value=percentage
    • USAGE, OPERATOR, UNDOC /value=percentage
    • USAGE, PRIVILEGE, IMPLICIT /value=true or false
    • USAGE, PRIVILEGE, NEVERUSED /value=true or false
    • USAGE, READAUDIT, ANY /value=delta-time
    • USAGE, READAUDIT, BATCH /value=delta-time
    • USAGE, READAUDIT, INTERACT /value=delta-time
    • USAGE, READAUDIT, NETWORK /value=delta-time
    • USAGE, SYSTEMUSR, NOBATCH /value=true or false
    • USAGE, SYSTEMUSR, NOINTERACT /value=true or false
    • USAGE, SYSTEMUSR, NONETWORK /value=true or false
    • USAGE, VALID, UIC /value=true or false
    • USAGE, VALID, USER /value=true or false
    • USAGE, <first>, <second> /VALUE=interval
      <first> and <second> are two different categories from the following list:
      • DOASSESS
      • DOAUDIT
      • DOCONNECT
      • DOINSTALL
      • DOMOUNT
      • DONCP
      • DOSYSGEN
      • DOTIME
      • DOUSEPRIV
      • DOPROCESS
      • DOUAF
11. VMS Tests
    New tests are provided:
    • VMS, ACMEORLGI, MATCH
    • VMS, ACMEORLGI, MUSTHAVE
    • VMS, ACMEORLGI, MUSTLACK
    • VMS, ACMEORLGI, NOMORETHAN
    • VMS, ACMEORLGI, NOTJUST
    • VMS, ACME, MATCH
    • VMS, ACME, MUSTHAVE
    • VMS, ACME, MUSTLACK
    • VMS, ACME, NOMORETHAN
    • VMS, ACME, NOTJUST
    • VMS, APPCYCLE, CHANGES
    • VMS, APPCYCLE, CONFIGURE
    • VMS, APPCYCLE, DAYS
    • VMS, APPCYCLE, INITIALIZE
    • VMS, APPCYCLE, MANAGEACC
    • VMS, APPCYCLE, MANAGEAPP
    • VMS, APPCYCLE, MANAGEASS
    • VMS, APPCYCLE, MANAGEAUD
    • VMS, APPCYCLE, MANAGENET
    • VMS, APPCYCLE, MANAGESYS
    • VMS, APPCYCLE, MAXIMUM
    • VMS, APPCYCLE, MEDIAN
    • VMS, CHECKSUM, NOSHA1
    • VMS, CHECKSUM, NOSIMPLE
    • VMS, CHECKSUM, NOSITE
    • VMS, CLUSTER, NODESMAX
    • VMS, CLUSTER, NODESMIN
    • VMS, CLUSTER, PROHIBITED
    • VMS, CLUSTER, REQUIRED
    • VMS, DATABASE, NOWEB
    • VMS, POLICY, MODIFYDAYS
    • VMS, STARTUP, MUSTHAVE
    • VMS, STARTUP, MUSTLACK
    • VMS, TIME, OFFSET
    • VMS, TTYTIMOUT, ABSOLUTLO
    • VMS, TTYTIMOUT, ABSOLUTHI
    • VMS, VERSION, MATCH
    • VMS, VERSION, MAXIMUM
    • VMS, VERSION, MINIMUM
12. Changed default for UAF, PRIVLEVEL, ABSOLUTLO
    The LJK/Security default limit for test UAF, PRIVLEVEL, ABSOLUTLO now has a value of Category-None rather than Category-Normal.
13. Additional Selector value for VMS, SECPOLICY tests
    ALLOWSYMLINKACCESS is a new selector value used to specify that allowing execute access to permit reading attributes on a filename or backlink of symbolic links is either prohibited or required.
14. Audit entries for Assessment runs
    Use of Identifier as Privilege audit entries will be written to show what facilities and sub-facilities were covered by an assessment. Sub-facilties include:
    • INSTALLED - Test DISK, INSTALLED, CHECKSUM
    • INSTPRIV - Test DISK, INSTPRIV, CHECKSUM
    • INSTPROT - Test DISK, INSTPROT, CHECKSUM
    • SYSCOM - Test DISK, SYSCOM, CHECKSUM (latest version)
    • SYSEXE - Test DISK, SYSEXE, CHECKSUM (latest version)
    • SUBSYSTEM - Test DISK, SUBSYSTEM, CHECKSUM (latest version)
    • ALLCOM - Test DISK, ALLCOM, CHECKSUM (latest version)
    • ALLEXE - Test DISK, ALLEXE, CHECKSUM (latest version)
    
    Those data are used by the (USAGE, ASSESSMENT, *) tests.
    Along with writing this new audit record, LJK/Security will now suppress detailed audit messages pertaining to each file for which it examines protection information, etc.
15. Implement SEPARATOR=character keyword for REPORT/SUMMARY
    The indicated character (defaulting to ",") will serve to divide comments into separate indicators for summary purposes, with each fail test counting under both indicators.
16. Change /SUMMARY output format
    Rather than the previous concatenation of a violation count with a comment (after a space), summary output now intersperses the words "violation(s) of" between the count and the comment.
17. Report tributary architecture and VMS and LJK/Security versions
    This report in the output header is just for visual confirmation.
18. Add /SAMPLE=n qualifier for the REPORT command
    This provides information only for the first N violations of a given type. It can be used for reports to managers who want to see typical violations. Those involved in remedial efforts still need the full output in most cases.
19. /[NO]SORT qualifier on output
    By default, Sort Report output by Facility, Element and Constraint. Failures due to insufficient space will mention /NOSORT as an option.
    
    
20. Better information when VMS process quotas are exceeded
    
    
21. EXIT command
    An EXIT command has been added for subsystem mode, having the same effect as Control/Z.
22. Example TCP/IP command procedures
    Two example command files are now provided:
    • LJK$SECURITY_EXAMPLES:LJK$SECURITY_TCPIP_MASTER.COM
    • LJK$SECURITY_EXAMPLES:LJK$SECURITY_TCPIP_TRIBUTARY.COM
    for use by sites that are unable to run DECnet software. Use of these examples is described in Appendix N, Sending LJK/Security Data Directly over TCP/IP.
    
23. Suppression of Detailed Auditing
    On VMS Version 6.0 and later, LJK/Security now suppresses detailed auditing (for instance on each use of privilege) while conducting an assessment on tributary nodes.
24. Syntax for System Parameter file
    A file specification of "SYSTEM=PARAMETER" can now be used for tests in the (DISK,CHECKPROT) (or (DISK,CHECKSUM) for that matter) facility to indicate the architecture-specific name of the system parameter file.