IBM z/OS SETROPTS Parm must be set to SAUDIT.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-98103 | RACF-ES-000510 | SV-107207r1_rule | Medium |
| Description |
|---|
| Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. SAUDIT specifies whether RACF is to log all RACF commands issued by users with the SPECIAL or group SPECIAL attribute. |
| STIG | Date |
|---|---|
| IBM z/OS RACF Security Technical Implementation Guide | 2020-06-29 |
Details
| Check Text ( C-96939r1_chk ) |
|---|
| From the ISPF Command Shell enter: SETRopts List If the SAUDIT value is listed as one of the ATTRIBUTES, this is not a finding. |
| Fix Text (F-103779r1_fix) |
|---|
| Configure SETRopts to include SAUDIT as an attribute. |