The AUDIT SETROPTS value is improperly set.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-255	RACF0260	SV-255r2_rule	DCCS-1 DCCS-2	Medium

Description
(RACF0260: CAT II) AUDIT specifies the names of the classes for which you want RACF to perform auditing. For the classes that you specify, RACF logs all uses of the RACDEF SVC and all changes made to profiles by RACF commands. NOAUDIT cancels auditing. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.

Description

(RACF0260: CAT II) AUDIT specifies the names of the classes for which you want RACF to perform auditing. For the classes that you specify, RACF logs all uses of the RACDEF SVC and all changes made to profiles by RACF commands. NOAUDIT cancels auditing. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.

STIG	Date
z/OS RACF STIG	2019-12-12

Details

Check Text ( C-17692r1_chk )
a) Refer to the following report produced by the RACF Data Collection: - RACFCMDS.RPT(SETROPTS) Automated Analysis Refer to the following report produced by the RACF Data Collection: - PDI(RACF0260) b) If all ACTIVE classes are also listed under the AUDIT classes, there is NO FINDING. Note: All Classes must be enabled for AUDITing. c) If there are ACTIVE classes that are not specified in the AUDIT classes, this is a FINDING.

Check Text ( C-17692r1_chk )

a) Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(SETROPTS)

Automated Analysis
Refer to the following report produced by the RACF Data Collection:

- PDI(RACF0260)

b) If all ACTIVE classes are also listed under the AUDIT classes, there is NO FINDING.

Note: All Classes must be enabled for AUDITing.

c) If there are ACTIVE classes that are not specified in the AUDIT classes, this is a FINDING.

Fix Text (F-16781r1_fix)
The IAO will ensure that AUDIT SETROPTS value is set to AUDIT() indicating that RACF sets all classes to do auditing of uses of the RACDEF SVC and all changes made to profiles by RACF commands. Evaluate the impact associated with implementation of the control option. Develop a plan of action and proceed with the change. Issue the command SETR AUDIT() to activate all RACF Classes.