On Tue, 17 Jun 2008 11:38:30 +0100, Bri P wrote: >It shouldn't matter too much for your PCI audit. The requirement is not really >that each server has exactly the same time, as long as any time difference is >fairly constant and is quantifiable. It's there really so that different >server's system logs can be used collectively or in concert should some later >investigation into something become necessary. > >If you can demonstrate to your auditor that you take steps to ensure that the >mainframe clock does not drift too much and that you know what any time >difference is, he should accept that, or at least note that a compensating >control is in place. For example, twice a year setting the HMC system clock >with some external time reference (even the Speaking Clock) and ensuring that >your IPL'd systems pick up that changed time. You don't need to be >second-accurate, as long as the difference is known. > What are the guaranteed maximum drift rates of:
o The HMC clock between settings with an external reference o The [E]TOD clock between IPLS in the absence of STP or ETR? (I suspect the vendor won't specify the latter, but will recommend STP.) Will this be acceptable to the auditor? -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
