Check: IBMZ-VM-000180
IBM zVM STIG:
IBMZ-VM-000180
(in version v1 r0.1)
Title
The IBM z/VM CA VM:Secure product must be installed and operating. (Cat II impact)
Discussion
Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organization must audit the individual identities of group users. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the actual account involved in the activity. Using CA VM:Secure audit of all commands with z/VM standard journal record assures that all pertinent information is stored.
Check Content
Verify that CA VM:Secure product is operational on the system by entering the following command: From CMS Command line enter “VMSECURE VERSION”. If there is no response “VMSECURE” is not logged in, this is a finding.
Fix Text
CA VM:Secure product audits all commands. Ensure that CA VM:Secure product is installed and operational. Using CA VM:Secure product audit of all commands with z/VM standard journal record assures that all pertinent information is stored.
Additional Identifiers
Rule ID:
Vulnerability ID: IBMZ-VM-000180
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000135 |
The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records. |
Controls
Number | Title |
---|---|
AU-3 (1) |
Additional Audit Information |