Mainframe Products must audit nonlocal maintenance and diagnostic sessions audit events as defined in site security plan.

From Mainframe Product Security Requirements Guide

Part of SRG-APP-000409-MFP-000257

Associated with: CCI-002884

SV-82911r1_rule Mainframe Products must audit nonlocal maintenance and diagnostic sessions audit events as defined in site security plan.

Vulnerability discussion

If events associated with nonlocal administrative access or diagnostic sessions are not logged and audited, a major tool for assessing and investigating attacks would not be available.This requirement addresses auditing-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems.This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch).

Check content

If the Mainframe Product has no function or capability for nonlocal maintenance this is not applicable. Examine installation and configuration settings. If the Mainframe Product does not audit the nonlocal maintenance and diagnostic sessions audit events defined in site security plan using external security manager files and/or SMF records, this is a finding.

Fix text

Configure the Mainframe Product to audit the nonlocal maintenance and diagnostic sessions audit events defined in site security plan using external security manager files and/or SMF records.

Pro Tips

Powered by sagemincer