Navigate

Check: RACF-OS-000070

IBM z/OS RACF STIG: RACF-OS-000070 (in versions v8 r14 through v7 r1)

Title

The IBM z/OS System Administrator (SA) must develop a process to notify appropriate personnel when accounts are modified. (Cat II impact)

Discussion

Audit tools include, but are not limited to, vendor-provided and open source audit tools needed to successfully view and manipulate audit information system activity and records. Audit tools include custom queries and report generators.

Check Content

Ask the system Administrator for the documented process to notify appropriate personnel when accounts are modified. If there is no documented process, this is a finding.

Fix Text

Develop a documented develop a process to notify appropriate personnel when accounts are modified.

Additional Identifiers

Rule ID: SV-223763r604139_rule

Vulnerability ID: V-223763

Group Title: SRG-OS-000275-GPOS-00105

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001684	The information system notifies organization-defined personnel or roles for account modification actions.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-2 (4)	Automated Audit Actions