IBM RACF OPERAUDIT SETROPTS value must set to OPERAUDIT.

An XCCDF Rule

Description

<VulnDiscussion>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-223694r958732_rule
Severity: Medium
References: CCI-002234
Updated: 17 days ago

NOTE: The RACF AUDITOR attribute is required in order to specify SETROPTS OPERAUDIT and also to display the OPERAUDIT attribute with the SETROPTS LIST command.

Configure the OPERAUDIT SETROPTS value to be set to OPERAUDIT. This specifies that RACF logs all actions such as accesses to resources and commands for a user who has operations or group operations attribute.

Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below:
The RACF Command SETR LIST will show the status of RACF Controls including a list of ATTRIBUTES. 

Logging of all actions, such as accesses to resources and commands, allowed only because a user has the OPERATIONS or group-OPERATIONS attribute is activated with the command SETR OPERAUDIT.

IBM RACF OPERAUDIT SETROPTS value must set to OPERAUDIT.

Description

Remediation - Manual Procedure