Mainframe Product Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000086
Group -
SRG-APP-000089
Group -
SRG-APP-000090
Group -
The Mainframe Product must allow only the information system security manager (ISSM) or individuals or roles appointed by the ISSM to select which auditable events are to be audited.
Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audi...Rule Medium Severity -
SRG-APP-000091
Group -
SRG-APP-000092
Group -
The Mainframe Product must initiate session auditing upon startup.
If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enab...Rule Medium Severity -
SRG-APP-000095
Group -
SRG-APP-000096
Group -
The Mainframe Product must produce audit records containing information to establish when (date and time) the events occurred.
Without establishing when events occurred, it is impossible to establish, correlate, and investigate the events relating to an incident. In order to compile an accurate risk assessment, and provid...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.