STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe Product must provide an audit reduction capability that supports after-the-fact investigations of security incidents.

DISA Rule

SV-82767r1_rule

Vulnerability Number

V-68277

Group Title

SRG-APP-000365-MFP-000162

Rule Version

SRG-APP-000365-MFP-000162

Severity

CAT II

CCI(s)

• CCI-001877 - The information system provides an audit reduction capability that supports after-the-fact investigations of security incidents.

Weight

10

Fix Recommendation

Configure the Mainframe Product audit reduction capability to support after-the-fact investigations of security incidents.

Check Contents

If the Mainframe Product does not perform audit data management or storage function this is not applicable.

Examine installation and configuration settings.

Verify the Mainframe Product audit reduction capability supports after-the-fact investigations of security incidents. If it does not, this is a finding.

Vulnerability Number

V-68277

Documentable

False

Rule Version

SRG-APP-000365-MFP-000162

Severity Override Guidance

If the Mainframe Product does not perform audit data management or storage function this is not applicable.

Examine installation and configuration settings.

Verify the Mainframe Product audit reduction capability supports after-the-fact investigations of security incidents. If it does not, this is a finding.

Check Content Reference

M

Target Key

3061

Comments