Title

The IBM z/VM CA VM:Secure product AUDIT file must be restricted to authorized personnel. (Cat II impact)

Discussion

If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.

Check Content

Issue command “VMSECURE” Rules System (you must be a system administrator to use this parameter). If there is no rule for access to the 1D0 minidisk, this is a finding. If the rule grants access to the 1D0 minidisk to anyone other than system administrators or security administrators this is a finding.

Fix Text

Ensure that access to VMSECURE 1D0 minidisk is restricted to system administrators or security administrators.

Additional Identifiers

Rule ID:

Vulnerability ID: IBMZ-VM-000200

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.