Ok. For the first issue, send him report of holddata and list of installed ptfs and let him do the match ;-)
*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* בתאריך יום ג׳, 10 בדצמ׳ 2024 ב-19:40 מאת Jousma, David < [email protected]>: > ITschak > > We don’t keep the log files from that far back. I have apply listings > that they have pored over (the auditor used to be a sysprog). Our audit > process says that I have to keep all apply listings, well, being a manual > process (sdsf XDC command), one of the larger Apply listings is missing (I > told him that). I went on to explain that we select maintenance based on > SOURCEID’s like RSU, FIXCAT, etc and that the later apply listings with the > same selection criteria but fewer PTF’s indicates that was there was > remaining to apply. His issue is that he wouldn’t know if he has all the > listings or not. He didn’t seem interested with my saying that I’d be > shooting myself in the foot if I was applying Fixes known to be in error….. > > Well, what he was wanting to see was all the listings to see that there > were no BYPASS HOLD ERROR specified. I explained to him that there are > certain rare cases where we would do that, either at the direction of the > support center, or to get a specific FMID installed, and come around with > the needed maintenance after that. > > Yea, he’s digging way deeper than I ever expected. Then we got into > vulnerability management. Another can of worms. When we do maintenance, > we do pull the SMPE ++ASSIGN data from the Security Portal and apply all > PTF’s with SECINT sourceID. His next question was how often we applied > maintenance….we do it 2 times per year. Corp standard is vulnerabilities > get fixed within 90 days of reporting. We’ll likely write a Risk > acceptance for that. > > Dave Jousma > Vice President | Director, Technology Engineering > > > > > > From: IBM Mainframe Discussion List <[email protected]> on behalf > of ITschak Mugzach <[email protected]> > Date: Tuesday, December 10, 2024 at 12:16 PM > To: [email protected] <[email protected]> > Subject: Re: SMPE and auditors > > > > Let your auditor access to the smp log files and find the answer himself. > > > > ITschak > > > > *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere > > Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux > > and IBM I **| * > > > > *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* > > *Skype**: ItschakMugzach **|* *Web**: > https://urldefense.com/v3/__http://www.Securiteam.co.il__;!!MwwqYLOC6b6whF7V!gInxYLhsrbsMuZRVRWgftUwtVi4Jz06sgPTrXtwsu8gWeFORarWIDhmHZ1QQRZaSD773WEXaxt-isYRNxJyqXVG66w25x7hzcMY$ > < > https://urldefense.com/v3/__http:/www.Securiteam.co.il__;!!MwwqYLOC6b6whF7V!gInxYLhsrbsMuZRVRWgftUwtVi4Jz06sgPTrXtwsu8gWeFORarWIDhmHZ1QQRZaSD773WEXaxt-isYRNxJyqXVG66w25x7hzcMY$> > **|* > > > > > > > > > > > > בתאריך יום ג׳, 10 בדצמ׳ 2024 ב-19:12 מאת Jousma, David < > > [email protected]>: > > > > > All, > > > > > > I have an auditor that would like to see if there were any PTF’s applied > > > in my environment where BYPASS HOLDERROR was specified. Its not enough > > > for me to tell them that there weren’t any. I have been playing around > > > with SMPE list commands, and can list PTF’s where BYPASS was specified, > but > > > no further granularity that I can see. And I guess it’s a bit more > > > complicated than that, as rare as it is to bypass HOLDERROR, I could > forsee > > > one being applied after talking with support center, and then later, the > > > fixing PTF came along and was applied. > > > > > > Any ideas that I am missing? > > > > > > Dave Jousma > > > Vice President | Director, Technology Engineering > > > > > > > > > > > > > > > > > > This e-mail transmission contains information that is confidential and > may > > > be privileged. It is intended only for the addressee(s) named above. If > > > you receive this e-mail in error, please do not read, copy or disseminate > > > it in any manner. If you are not the intended recipient, any disclosure, > > > copying, distribution or use of the contents of this information is > > > prohibited. Please reply to the message immediately by informing the > sender > > > that the message was misdirected. After replying, please erase it from > your > > > computer system. Your assistance in correcting this error is appreciated. > > > > > > ---------------------------------------------------------------------- > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to [email protected] with the message: INFO IBM-MAIN > > > > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > This e-mail transmission contains information that is confidential and may > be privileged. It is intended only for the addressee(s) named above. If > you receive this e-mail in error, please do not read, copy or disseminate > it in any manner. If you are not the intended recipient, any disclosure, > copying, distribution or use of the contents of this information is > prohibited. Please reply to the message immediately by informing the sender > that the message was misdirected. After replying, please erase it from your > computer system. Your assistance in correcting this error is appreciated. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
