An error occurred:

Check: RACF0370

zOS RACF STIG: RACF0370 (in versions v6 r43 through v6 r30)

Title

The INITSTATS SETROPTS value is not set to INITSTATS. (Cat II impact)

Discussion

RACF0370: CAT II) INITSTATS specifies statistics available during RACINIT SVC processing are to be recorded. These statistics include the date and time RACINIT is issued for a particular user, the number of RACINITs for a user to a particular group, and the date and time of the last RACINIT for a user to a particular group. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.

Check Content

a) Refer to the following report produced by the RACF Data Collection: - RACFCMDS.RPT(SETROPTS) Automated Analysis Refer to the following report produced by the RACF Data Collection: - PDI(RACF0370) b) If the INITSTATS value is listed as one of the ATTRIBUTES, there is NO FINDING. c) If the INITSTATS value is not listed as one of the ATTRIBUTES, this is a FINDING.

Fix Text

The IAO will ensure that INITSTATS SETROPTS value is set to INITSTATS this specifies that statistics available during RACINIT SVC processing are recorded. Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below: The RACF Command SETR LIST will show the status of RACF Controls including a status of INITSTATS. (1) INITSTATS is activated with the command SETR INITSTATS.

Additional Identifiers

Rule ID: SV-266r2_rule

Vulnerability ID: V-266

Group Title: RACF0370

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000130

The information system generates audit records containing information that establishes what type of event occurred.
CCI-000131

The information system generates audit records containing information that establishes when an event occurred.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-3

Content Of Audit Records