The Mainframe Product must off-load audit records onto a different system or media than the system being audited.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-68259	SRG-APP-000358-MFP-000149	SV-82749r1_rule		Medium

Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

STIG	Date
Mainframe Product Security Requirements Guide	2016-04-18

Details

Check Text ( C-68819r1_chk )
If the Mainframe Product uses MVS System Management Facility (SMF) recording or external security manager (ESM) log files for auditing purposes, this is not applicable. Examine the Mainframe Product installation and configuration auditing settings. If the installation and/or configuration setting for auditing do not require the off-loading of audit records onto a different system or media than the system being audited, this is a finding.

Check Text ( C-68819r1_chk )

If the Mainframe Product uses MVS System Management Facility (SMF) recording or external security manager (ESM) log files for auditing purposes, this is not applicable.

Examine the Mainframe Product installation and configuration auditing settings.

If the installation and/or configuration setting for auditing do not require the off-loading of audit records onto a different system or media than the system being audited, this is a finding.

Fix Text (F-74373r1_fix)
Configure the Mainframe Product installation and/or configurations settings to off-load audit records onto a different system or media than the system being audited.