ITschak We don’t keep the log files from that far back. I have apply listings that they have pored over (the auditor used to be a sysprog). Our audit process says that I have to keep all apply listings, well, being a manual process (sdsf XDC command), one of the larger Apply listings is missing (I told him that). I went on to explain that we select maintenance based on SOURCEID’s like RSU, FIXCAT, etc and that the later apply listings with the same selection criteria but fewer PTF’s indicates that was there was remaining to apply. His issue is that he wouldn’t know if he has all the listings or not. He didn’t seem interested with my saying that I’d be shooting myself in the foot if I was applying Fixes known to be in error…..
Well, what he was wanting to see was all the listings to see that there were no BYPASS HOLD ERROR specified. I explained to him that there are certain rare cases where we would do that, either at the direction of the support center, or to get a specific FMID installed, and come around with the needed maintenance after that. Yea, he’s digging way deeper than I ever expected. Then we got into vulnerability management. Another can of worms. When we do maintenance, we do pull the SMPE ++ASSIGN data from the Security Portal and apply all PTF’s with SECINT sourceID. His next question was how often we applied maintenance….we do it 2 times per year. Corp standard is vulnerabilities get fixed within 90 days of reporting. We’ll likely write a Risk acceptance for that. Dave Jousma Vice President | Director, Technology Engineering From: IBM Mainframe Discussion List <[email protected]> on behalf of ITschak Mugzach <[email protected]> Date: Tuesday, December 10, 2024 at 12:16 PM To: [email protected] <[email protected]> Subject: Re: SMPE and auditors Let your auditor access to the smp log files and find the answer himself. ITschak *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: https://urldefense.com/v3/__http://www.Securiteam.co.il__;!!MwwqYLOC6b6whF7V!gInxYLhsrbsMuZRVRWgftUwtVi4Jz06sgPTrXtwsu8gWeFORarWIDhmHZ1QQRZaSD773WEXaxt-isYRNxJyqXVG66w25x7hzcMY$<https://urldefense.com/v3/__http:/www.Securiteam.co.il__;!!MwwqYLOC6b6whF7V!gInxYLhsrbsMuZRVRWgftUwtVi4Jz06sgPTrXtwsu8gWeFORarWIDhmHZ1QQRZaSD773WEXaxt-isYRNxJyqXVG66w25x7hzcMY$> **|* בתאריך יום ג׳, 10 בדצמ׳ 2024 ב-19:12 מאת Jousma, David < [email protected]>: > All, > > I have an auditor that would like to see if there were any PTF’s applied > in my environment where BYPASS HOLDERROR was specified. Its not enough > for me to tell them that there weren’t any. I have been playing around > with SMPE list commands, and can list PTF’s where BYPASS was specified, but > no further granularity that I can see. And I guess it’s a bit more > complicated than that, as rare as it is to bypass HOLDERROR, I could forsee > one being applied after talking with support center, and then later, the > fixing PTF came along and was applied. > > Any ideas that I am missing? > > Dave Jousma > Vice President | Director, Technology Engineering > > > > > > This e-mail transmission contains information that is confidential and may > be privileged. It is intended only for the addressee(s) named above. If > you receive this e-mail in error, please do not read, copy or disseminate > it in any manner. If you are not the intended recipient, any disclosure, > copying, distribution or use of the contents of this information is > prohibited. Please reply to the message immediately by informing the sender > that the message was misdirected. After replying, please erase it from your > computer system. Your assistance in correcting this error is appreciated. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
