Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-71203 | RACF0540 | SV-85827r1_rule | Low |
Description |
---|
Audit records are central to after-the-fact investigations of security incidents. Every effort should be taken to collect as much information as productively feasible for these investigative processes. The SETROPTS LOGOPTIONS option serves as a default auditing requirement. Auditing ‘Failures’ as a minimum will assure a base level of information is available for investigations. |
STIG | Date |
---|---|
z/OS RACF STIG | 2018-12-20 |
Check Text ( C-71929r1_chk ) |
---|
From the ISPF Command Shell enter: SETRopts List Alternately: Refer to the following report produced by the RACF Data Collection: RACFCMDS.RPT(SETROPTS) Automated Analysis Refer to the following report produced by the RACF Data Collection: PDI(RACF0540) If the following options are specified at a minimum, this is not a finding. LOGOPTIONS "FAILURES" CLASSES = LOGOPTIONS "NEVER" CLASSES = NONE |
Fix Text (F-77877r1_fix) |
---|
Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below: Ensure that the following LOGOPTIONS are specified: LOGOPTIONS "FAILURES" CLASSES = LOGOPTIONS "NEVER" CLASSES = NONE The other LOGOPTIONS may be site determined. |