An automated process is not in place to collect and retain SMF data.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-103	AAMV0400	SV-103r2_rule	CODB-2 DCCS-1 DCCS-2	Medium

Description
SMF data collection is the basic unit of tracking of all system functions and actions. Included in this racking data is the audit trail from the ACP. If the control options for the recording of this tracking are not properly maintained, then accountability cannot be monitored and its use in the execution of a contingency plan could be compromised. Failure to collect SMF data in a timely fashion can result in the loss of critical system data.

Description

SMF data collection is the basic unit of tracking of all system functions and actions. Included in this racking data is the audit trail from the ACP. If the control options for the recording of this tracking are not properly maintained, then accountability cannot be monitored and its use in the execution of a contingency plan could be compromised. Failure to collect SMF data in a timely fashion can result in the loss of critical system data.

STIG	Date
z/OS ACF2 STIG	2019-12-12

Details

Check Text ( C-669r1_chk )
a) Refer to Vulnerability Questions within the SRRAUDIT Dialog Management document. Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(AAMV0400) b) If, based on the information provided, it can be determined that an automated process is in place to collect and retain all SMF data produced on the system, there is NO FINDING. c) If it cannot be determined this process exists and is being adhered to, this is a FINDING.

Check Text ( C-669r1_chk )

a) Refer to Vulnerability Questions within the SRRAUDIT Dialog Management document.

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(AAMV0400)

b) If, based on the information provided, it can be determined that an automated process is in place to collect and retain all SMF data produced on the system, there is NO FINDING.

c) If it cannot be determined this process exists and is being adhered to, this is a FINDING.

Fix Text (F-17020r1_fix)
The IAO will ensure that an automated process is in place to collect SMF data. Review SMF data collection and retention processes. Ensure that the processes utilized include a process which is automatically started to dump SMF collection files immediately upon their becoming full. To ensure that all SMF data is collected in a timely manner, and to reduce the risk of data loss, the site will ensure that automated mechanisms are in place to collect and retain all SMF data produced on the system. Dump the SMF files (MANx) in systems based on the following guidelines: (a) Dump each SMF file as it fills up during the normal course of daily processing. (b) Dump all remaining SMF data at the end of each processing day.

Fix Text (F-17020r1_fix)

The IAO will ensure that an automated process is in place to collect SMF data.

Review SMF data collection and retention processes. Ensure that the processes utilized include a process which is automatically started to dump SMF collection files immediately upon their becoming full.

To ensure that all SMF data is collected in a timely manner, and to reduce the risk of data loss, the site will ensure that automated mechanisms are in place to collect and retain all SMF data produced on the system. Dump the SMF files (MANx) in systems based on the following guidelines:

(a) Dump each SMF file as it fills up during the normal course of daily processing.

(b) Dump all remaining SMF data at the end of each processing day.