The SETROPTS LOGOPTIONS must be properly configured.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-71203 | RACF0540 | SV-85827r1_rule | Low |
| Description |
|---|
| Audit records are central to after-the-fact investigations of security incidents. Every effort should be taken to collect as much information as productively feasible for these investigative processes. The SETROPTS LOGOPTIONS option serves as a default auditing requirement. Auditing ‘Failures’ as a minimum will assure a base level of information is available for investigations. |
| STIG | Date |
|---|---|
| z/OS RACF STIG | 2019-12-12 |
Details
| Check Text ( C-71929r1_chk ) |
|---|
| From the ISPF Command Shell enter: SETRopts List Alternately: Refer to the following report produced by the RACF Data Collection: RACFCMDS.RPT(SETROPTS) Automated Analysis Refer to the following report produced by the RACF Data Collection: PDI(RACF0540) If the following options are specified at a minimum, this is not a finding. LOGOPTIONS "FAILURES" CLASSES = LOGOPTIONS "NEVER" CLASSES = NONE |
| Fix Text (F-77877r1_fix) |
|---|
| Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below: Ensure that the following LOGOPTIONS are specified: LOGOPTIONS "FAILURES" CLASSES = LOGOPTIONS "NEVER" CLASSES = NONE The other LOGOPTIONS may be site determined. |