STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

IBM RACF SETROPTS LOGOPTIONS must be properly configured.

DISA Rule

SV-223653r604139_rule

Vulnerability Number

V-223653

Group Title

SRG-OS-000004-GPOS-00004

Rule Version

RACF-ES-000050

Severity

CAT II

CCI(s)

• CCI-001404 - The information system automatically audits account disabling actions.
• CCI-001405 - The information system automatically audits account removal actions.
• CCI-000018 - The information system automatically audits account creation actions.
• CCI-000131 - The information system generates audit records containing information that establishes when an event occurred.
• CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.
• CCI-000133 - The information system generates audit records containing information that establishes the source of the event.
• CCI-000134 - The information system generates audit records containing information that establishes the outcome of the event.
• CCI-000135 - The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.
• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.
• CCI-002884 - The organization audits nonlocal maintenance and diagnostic sessions^ organization-defined audit events.

Weight

10

Fix Recommendation

Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below:

Ensure that the following LOGOPTIONS are specified:
LOGOPTIONS "FAILURES" CLASSES = <all the classes listed in the “ACTIVE” class as a minimum>
LOGOPTIONS "NEVER" CLASSES = NONE

The other LOGOPTIONS may be site determined.

Check Contents

Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below:

Verify that the following LOGOPTIONS are specified:
LOGOPTIONS "FAILURES" CLASSES = <all the classes listed in the “ACTIVE” class as a minimum>
LOGOPTIONS "NEVER" CLASSES = NONE

The other LOGOPTIONS may be site determined.

If the LOGOPTIONS are not set as described above, this is a finding.

Vulnerability Number

V-223653

Documentable

False

Rule Version

RACF-ES-000050

Severity Override Guidance

Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below:

Verify that the following LOGOPTIONS are specified:
LOGOPTIONS "FAILURES" CLASSES = <all the classes listed in the “ACTIVE” class as a minimum>
LOGOPTIONS "NEVER" CLASSES = NONE

The other LOGOPTIONS may be site determined.

If the LOGOPTIONS are not set as described above, this is a finding.

Check Content Reference

M

Target Key

4101

Comments