
The Mainframe Products must provide the capability to filter audit records for events of interest as defined in the site security plan.


Overview

Finding ID: V-68271
Version: SRG-APP-000115-MFP-000157
Rule ID: SV-82761r1_rule
IA Controls: (none listed)
Severity: Medium
Description
The ability to specify the event criteria that are of interest provides the persons reviewing the logs with the ability to quickly isolate and identify these events without having to review entries that are of little or no consequence to the investigation. Without this capability, forensic investigations are impeded. Events of interest can be identified by the content of specific audit record fields including, for example, identities of individuals, event types, event locations, event times, event dates, system resources involved, IP addresses involved, or information objects accessed. Organizations may define audit event criteria to any degree of granularity required, for example, locations selectable by general networking location (e.g., by network or subnetwork) or selectable by specific information system component. This requires applications to provide the capability to customize audit record reports based on organization-defined criteria.
STIG: Mainframe Product Security Requirements Guide
Date: 2017-06-22

Details

Check Text ( C-68831r1_chk )
If the Mainframe Product does not perform an audit data management or storage function, this is not applicable.

Examine installation and configuration settings.

Refer to the site's auditing policies.

Verify the Mainframe Product filters audit record events of interest based on site-defined criteria. If it does not, this is a finding.
Fix Text (F-74385r1_fix)
Configure the Mainframe Product to filter audit record events of interest based on site-defined criteria.