On Thursday, 09/24/2009 at 01:13 EDT, "Martin, Terry R. (CMS/CTR) (CTR)" <terry.mar...@cms.hhs.gov> wrote:

> 5-1. RACF is configured to be the external security manager (ESM) of zVM.

As Bruce says, you see RACF messages on OPERATOR's console.

> 5-2. Configuration of zVM internal auditing: if RACF is not configured to
> capture zVM security events, is CP configured to log specific security events?

Flag on the play! RACF is your chosen security policy enforcement tool. Ergo, security events are to be logged by RACF, not by CP. If logging of an event within RACF is disabled, then it is intended that no auditing take place. In any case, RACF auditing capabilities far exceed those of CP, so auditor-san would have to be more specific. To which specific security events does the auditor refer? (CP does not, for example, audit any privileged CP command or DIAGNOSE instruction. RACF does.)

DSMON provides the configuration report that the auditor would use to verify the configuration. (With automation, subsequent DSMON reports can be compared to a "reference standard" to detect changes.)

> 5-3. Is zVM configured to overwrite the temporary (T) disk upon allocation to
> prevent unauthorized access to sensitive data placed on T-disks?

SYSTEM CONFIG (CLEAR_TDISK is ENABLEd and there is no countermanding DISABLE).

> 5-4. Object reuse parameter settings supported/configured for CP to minimize
> unauthorized users accessing sensitive CMS residual data (i.e., data deleted
> but not scratched from minidisk space).

This is policy within your disk provisioning tool (e.g. DISK_CLEANUP=YES in DIRMAINT CONFIGxx DATADVH).

Alan Altmark
z/VM Development
IBM Endicott
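An added audit helper for the 5-3 and 5-4 answers above (example code, not Alan's or IBM's): it reads a SYSTEM CONFIG fragment, honouring trailing-comma continuation and /* */ comments, reports the effective CLEAR_TDISK verdict (a later DISABLE countermands an earlier ENABLE), and checks DISK_CLEANUP in a DATADVH fragment. The sample fragments are constructed, and the simplified statement syntax with fully spelled-out keywords is an assumption.

```python
import re

# Constructed SYSTEM CONFIG fragment (hypothetical): an ENABLE later countermanded.
SAMPLE_SYSTEM_CONFIG = """\
Features ,                     /* a trailing comma continues the statement */
  Enable ,
    Clear_TDisk
Features Disable Clear_TDisk   /* countermands the ENABLE above */
"""
SAMPLE_DATADVH = "DISK_CLEANUP= NO\n"  # constructed DATADVH fragment, weak setting

def statements(text):
    """Strip /* */ comments and join lines ending in ',' into one statement."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    stmts, cur = [], []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        cur.append(line.rstrip(",").strip())
        if not line.endswith(","):
            stmts.append(" ".join(cur))
            cur = []
    return stmts + ([" ".join(cur)] if cur else [])

def clear_tdisk_state(text):
    """'ENABLED', 'DISABLED' or 'UNSET': the last FEATURES statement naming
    CLEAR_TDISK wins. Assumption: keywords are spelled out, not abbreviated."""
    state = "UNSET"
    for stmt in statements(text):
        words = stmt.upper().split()
        if not words or words[0] != "FEATURES":
            continue
        mode = None  # ENABLE/DISABLE applies to the operands that follow it
        for w in words[1:]:
            if w in ("ENABLE", "DISABLE"):
                mode = w
            elif w == "CLEAR_TDISK" and mode:
                state = mode + "D"
    return state

def disk_cleanup_state(text):
    m = re.search(r"^\s*DISK_CLEANUP\s*=\s*(\w+)", text, re.M | re.I)
    return m.group(1).upper() if m else "UNSET"

def audit(system_config, datadvh):
    """Findings for checklist items 5-3 and 5-4; an empty list means both pass."""
    findings = []
    if clear_tdisk_state(system_config) != "ENABLED":
        findings.append("5-3: CLEAR_TDISK not effectively ENABLEd in SYSTEM CONFIG")
    if disk_cleanup_state(datadvh) != "YES":
        findings.append("5-4: DISK_CLEANUP is not YES in DIRMAINT CONFIGxx DATADVH")
    return findings
```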