UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

For Mainframe Products providing audit record aggregation, the Mainframe Product must compile audit records from mainframe components into a system-wide audit trail that is time-correlated with a tolerance for the relationship between time stamps of individual records in the audit trail in accordance with the sites security plan.


Overview

Finding ID Version Rule ID IA Controls Severity
V-68181 SRG-APP-000086-MFP-000110 SV-82671r1_rule Medium
Description
Without the ability to collate records based on the time when the events occurred, the ability to perform forensic analysis and investigations across multiple components is significantly degraded. Audit trails are time-correlated if the time stamps in the individual audit records can be reliably related to the time stamps in other audit records to achieve a time ordering of the records within an organization-defined level of tolerance. This requirement applies only to Mainframe Products that provide the capability to compile system-wide audit records for multiple systems or system components.
STIG Date
Mainframe Product Security Requirements Guide 2019-12-12

Details

Check Text ( C-68743r1_chk )
If the Mainframe Product does not perform audit record aggregation, this is not applicable.

Examine configuration settings.

If the Mainframe Product settings do not use the operating system clock for time stamps, this is a finding.
Fix Text (F-74297r1_fix)
Configure the Mainframe Product to use the operating system clock for time stamps.