STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe Product must provide audit record generation capability for DoD-defined auditable events within all application components.

DISA Rule

SV-82677r1_rule

Vulnerability Number

V-68187

Group Title

SRG-APP-000089-MFP-000114

Rule Version

SRG-APP-000089-MFP-000114

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Configure the Mainframe Product to audit all DoD-defined auditing events within all Mainframe Product components.

Check Contents

Examine Mainframe Product documentation.

Refer to NIST SP 800-53 AU-2 or the Risk Management Knowledge Service (RMKS) for DoD auditing events.

Examine configuration settings.

Compare available auditing events.

If available auditing events do not include all DoD-defined auditing events, this is a finding.

If auditing is not available for all components of the Mainframe Product, this is a finding.

Vulnerability Number

V-68187

Documentable

False

Rule Version

SRG-APP-000089-MFP-000114

Severity Override Guidance

Examine Mainframe Product documentation.

Refer to NIST SP 800-53 AU-2 or the Risk Management Knowledge Service (RMKS) for DoD auditing events.

Examine configuration settings.

Compare available auditing events.

If available auditing events do not include all DoD-defined auditing events, this is a finding.

If auditing is not available for all components of the Mainframe Product, this is a finding.

Check Content Reference

M

Target Key

3061

Comments