UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The SETROPTS LOGOPTIONS must be properly configured.


Overview

Finding ID Version Rule ID IA Controls Severity
V-71203 RACF0540 SV-85827r1_rule Low
Description
Audit records are central to after-the-fact investigations of security incidents. Every effort should be taken to collect as much information as productively feasible for these investigative processes. The SETROPTS LOGOPTIONS option serves as a default auditing requirement. Auditing ‘Failures’ as a minimum will assure a base level of information is available for investigations.
STIG Date
z/OS RACF STIG 2018-04-04

Details

Check Text ( C-71929r1_chk )
From the ISPF Command Shell enter:
SETRopts List
Alternately:
Refer to the following report produced by the RACF Data Collection:
RACFCMDS.RPT(SETROPTS)

Automated Analysis
Refer to the following report produced by the RACF Data Collection:

PDI(RACF0540)

If the following options are specified at a minimum, this is not a finding.
LOGOPTIONS "FAILURES" CLASSES =
LOGOPTIONS "NEVER" CLASSES = NONE
Fix Text (F-77877r1_fix)
Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below:

Ensure that the following LOGOPTIONS are specified:
LOGOPTIONS "FAILURES" CLASSES =
LOGOPTIONS "NEVER" CLASSES = NONE

The other LOGOPTIONS may be site determined.