From z/OS TSS STIG
Part of ACP00340
Associated with IA controls: DCCS-1, DCPR-1, DCCS-2, ECAT-2, DCSL-1, ECAT-1
Associated with: CCI-000294 CCI-000295 CCI-000296 CCI-001819 CCI-001823 CCI-002087
A product that generates reports validating changes, additions or removal from APF and LPA libraries, as well as changes to SYS1.PARMLIB PDS members, should be run against system libraries to provide a baseline analysis to allow monitoring of changes to these libraries. Failure to monitor and review these reports on a regular bases and validating any changes could threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.
Note: For DISA sites the product used to generate these reports is CA-Auditor. z/OS Baseline Reporting – Review period is based upon 10% random selection of z/OS Domains at the given site by the IAO. Such schedule shall not be published or known – selection of z/OS domains shall be randomly selected each week. a) The z/OS Baseline reports (as indentified by report/function CS212C (Updates to SYS1.PARMLIB), CS221C (APF library statistics) and CS243C (LPA library statistics) shall be reviewed and validated with the appropriate system programming staff on a weekly schedule, or as required based on INFOCON Level requirements. Note: Sites that do not utilize CA-Auditor, review the z/OS STIG Addendum for the samples of the CA-Auditor report to identify the information to collect. The INFOCON Level requirements can be found in STRATEGIC COMMAND DIRECTIVE (SD) 527-1. b) Such reports shall be compared with known and authorized changes to the specific z/OS domain. Any anomalies found shall be documented as a potential incident and must be investigated with written documentation as proof showing such review was completed. c) If the baseline reports are being reviewed and samples of the baseline reports exist, there is NO FINDING. d) If the baseline reports are not being reviewed or samples of the reports do not exist this is a FINDING.
Validate the results of the z/OS Baseline reports with the appropriate system programming staff. For sites that have CA-Auditor, minimally the following functional reports shall be validated: CS212C, CS221C and CS243C.. Compliance of this would be for the appropriate system programming staff to review the specific baseline reports and to affirm the changes are legitimate. Any identified exception or anomaly shall be reported, researched and documented. Such documentation shall be made available for auditor reviews. The baseline reports should be created as GDGs, and should be saved for at least a year. Please see the z/OS Addendum under ACP00340 for additional instructions, and a sample of the CA-Auditor reports that should be run for that utilizes CA-Auditor.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer