Mainframe Products must audit nonlocal maintenance and diagnostic sessions audit events as defined in site security plan.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-205578	SRG-APP-000409-MFP-000257	SV-205578r961548_rule		Medium

Description

If events associated with nonlocal administrative access or diagnostic sessions are not logged and audited, a major tool for assessing and investigating attacks would not be available. This requirement addresses auditing-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems. This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch).

STIG	Date
Mainframe Product Security Requirements Guide	2024-12-05

Details

Check Text (C-5844r299961_chk)

If the Mainframe Product has no function or capability for nonlocal maintenance this is not applicable.

Examine installation and configuration settings.

If the Mainframe Product does not audit the nonlocal maintenance and diagnostic sessions audit events defined in site security plan using external security manager files and/or SMF records, this is a finding.

Fix Text (F-5844r299962_fix)

Configure the Mainframe Product to audit the nonlocal maintenance and diagnostic sessions audit events defined in site security plan using external security manager files and/or SMF records.