User:Techstar
RACF Audit
A RACF audit is a comprehensive evaluation of security that examines the RACF database and related z/OS settings on an IBM Mainframe. The audit works by identifying deviations from IBM best practice or from installation-specific settings. The audit may offer remedial action to reduce vulnerabilities.
Definitions
RACF is an acronym for Resource Access Control Facility.
z/OS is the most common IBM Mainframe operating system. It was first released in 1974 as MVS and has had several distinct incarnations as capabilities were added. MVS was renamed to z/OS in 2000.
Audit Items
IPL Volume and Device
Field name | Information in field | What to look for | Example of concerns |
---|---|---|---|
IPL volume | Volser | Any change | IPL from unapproved location |
IPL device | Device/Unit address | Any change | |
SMF Parameters
Field name | Field detail | Possible values | Definition and concerns |
---|---|---|---|
Active | ACTIVE value from SMFPRMxx | Yes, No | No indicates SMF logging is off |
Job Wait Time | JWT value from SMFPRMxx | HH:MM | The maximum amount of time that a job or TSO/E session may be inactive |
MaxDorm | MAXDORM value from SMFPRMxx | HH:MM or none | The maximum time that data remains in the SMF buffer before it is written to the SMF log. |
Temp17 | REC value from SMFPRMxx | Yes, No | The REC value specifies whether information for type 17 SMF records is saved. These are temp data sets. |
NoBuffsHalt | NOBUFFS value from SMFPRMxx | Yes, No | |
LastDSHalt | LASTDS value from SMFPRMxx | Yes, No | |
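The following is an added example, not part of the original page or of any audit product: it derives the six fields in the SMF Parameters table from the text of an SMFPRMxx member and reports where they deviate from an installation baseline. The sample member, the baseline values and the function names are constructed for illustration; the sketch reads only these six keywords in their simple form and reports JWT and MAXDORM as the raw operand.

```python
import re

# Constructed SMFPRMxx member for illustration; not taken from a real system.
SAMPLE_SMFPRM = """\
NOACTIVE                  /* SMF recording switched off */
JWT(0030)
NOMAXDORM
REC(ALL)
NOBUFFS(MSG)
LASTDS(HALT)
"""

# Hypothetical installation baseline, keyed by the table's field names.
SITE_BASELINE = {"Active": "Yes", "Job Wait Time": "0030", "MaxDorm": "3000",
                 "Temp17": "Yes", "NoBuffsHalt": "No", "LastDSHalt": "Yes"}

def smf_fields(member_text):
    """Map SMFPRMxx keywords to the audit fields in the SMF Parameters table."""
    text = re.sub(r"/\*.*?\*/", " ", member_text.upper(), flags=re.S)  # strip comments

    def bare(keyword):  # keyword with no operand, e.g. NOACTIVE
        return re.search(rf"(?<![A-Z0-9]){keyword}(?![A-Z0-9(])", text) is not None

    def operand(keyword):  # keyword(value), e.g. JWT(0030)
        m = re.search(rf"(?<![A-Z0-9]){keyword}\(([^()]*)\)", text)
        return m.group(1).strip() if m else None

    def yes_no(keyword, yes_value):
        value = operand(keyword)
        return "not specified" if value is None else ("Yes" if value == yes_value else "No")

    if bare("NOACTIVE"):
        active = "No"
    elif bare("ACTIVE"):
        active = "Yes"
    else:
        active = "not specified"
    return {
        "Active": active,
        "Job Wait Time": operand("JWT") or "not specified",
        "MaxDorm": "none" if bare("NOMAXDORM") else operand("MAXDORM") or "not specified",
        "Temp17": yes_no("REC", "ALL"),  # REC(ALL) also covers temporary data sets
        "NoBuffsHalt": yes_no("NOBUFFS", "HALT"),
        "LastDSHalt": yes_no("LASTDS", "HALT"),
    }

def deviations(fields, baseline):
    """Return {field: (found, expected)} for every field that differs from the baseline."""
    return {k: (fields.get(k), v) for k, v in baseline.items() if fields.get(k) != v}
```

Run against the sample member, `deviations(smf_fields(SAMPLE_SMFPRM), SITE_BASELINE)` reports the Active and MaxDorm fields, the first of which is the "SMF logging is off" concern from the table.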