Check: IBMZ-VM-000220
IBM zVM STIG:
IBMZ-VM-000220
(in version v1 r0.1)
Title
The IBM z/VM CA VM:Secure product must be installed and operating. (Cat II impact)
Discussion
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the information system (e.g., module or policy filter). The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records. Using CA VM:Secure audit of all commands with z/VM standard journal record assures that all pertinent information is stored.
Check Content
Verify that CA VM:Secure product is operational on the system by entering the following command: From CMS Command line enter “VMSECURE VERSION”. If there is no response “VMSECURE” is not logged in, this is a finding.
Fix Text
CA VM:Secure product audits all commands. Ensure that CA VM:Secure product is installed and operational. Using CA VM:Secure product audit of all commands with z/VM standard journal record assures that all pertinent information is stored.
Additional Identifiers
Rule ID:
Vulnerability ID: IBMZ-VM-000220
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000169 |
The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components. |
Controls
Number | Title |
---|---|
AU-12 |
Audit Generation |