The mainframe product must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

From Mainframe Product Security Requirements Guide

Part of SRG-APP-000357-MFP-000148

Associated with: CCI-001849

SV-82747r1_rule The mainframe product must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

Vulnerability discussion

In order to ensure applications have a sufficient storage capacity in which to write the audit logs, applications need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of the application and is closely associated with the DBA and system administrator roles. The DBA or system administrator will usually coordinate the allocation of physical drive space with the application owner/installer and the application will prompt the installer to provide the capacity information, the physical location of the disk, or both.

Check content

If the Mainframe Product uses MVS System Management Facility (SMF) recording or ESM log files for auditing purposes, this is not applicable. Examine the Mainframe Product installation and configuration auditing settings. If the installation and/or configuration setting for auditing do not allocate audit record storage capacity in accordance with organization-defined audit record storage requirements, this is a finding.

Fix text

Configure installation and/or configuration auditing settings to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer