|
|
|
We recommend that you use the CA Auditor freezer to detect changes to source libraries, executable libraries, configuration libraries, and memory-resident programs, such as LPA modules.
Business Value:
The CA Auditor freezer offers a high-performance, low-risk, and low-impact means to detect critical system component changes. This practice helps satisfy general compliance-related requirements mandated by Sarbanes-Oxley (SOX), the Payment Card Industry-Data Security Standard (PCI-DSS), other compliance requirement and regulations, as well as generally accepted auditing principles.
Additional Considerations:
To understand the role of the CA Auditor freezer, consider an auditor's typical process. An auditor begins an object audit by examining current data, ascertaining adequacy of controls, and establishing a baseline view. This view becomes the standard against which auditors check for changes. The auditor then periodically compares the present state to the baseline data.
Finding a difference does not necessarily indicate a problem; however, if upon investigation, an auditor determines that users did not follow change control procedures, the auditor must address why.
You can use the CA Auditor freezer with the baseline analysis function. For example, you can use baseline analysis to monitor the contents of the various configuration lists, and you can then use the freezer to monitor the contents of each library within the list.
More Information:
For detailed CA Auditor freezer information, see the Usage Guide and the Technical Reference guide.
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |