The logical Parmlib contains key information for the audit, control, and security of the z/OS system.
You can use the 2.1.1 Parmlib Map and 2.1.2 Parmlib Status functions to specify an IPL environment from which to determine the data set or data sets comprising the logical Parmlib for analysis purposes. If you prefer, you can continue to designate a single, specific system parameter library for analysis.
By default, the 2.1.1 and 2.1.2 functions will process based on the current IPL environment. If this is satisfactory for your audit needs, you can continue using the default values. If, however, you want to audit the logical Parmlib for a different IPL environment, you must specify a number of fields on the primary 2.1.1 or 2.1.2 function menu to identify the IPL environment as follows:
In addition, you may need to specify one or more filtering criteria values if the designated LOADxx member employs filtering based on HWNAME, LPARNAME, and/or VMUSERID.
Optionally, you can also specify:
Use the z/OS Parameter Library display (2.1) to access this information.
Auditor___________________________ Location___________________ Page____of____
Approved__________________________ CPU________________________ Date__________
| Step | Description | W/P Ref | Finding | Remarks |
|---|---|---|---|---|
| 1 | When you use the 2.1.1 Parmlib Map and 2.1.2 Parmlib Status functions to audit a logical Parmlib, you will receive a screen that lists the name of each data set that comprises the logical Parmlib and the volume serial number on which it resides. If any data sets show up as not being found, it is possible that they have been deleted, renamed, archived (migrated), or moved to a different DASD volume. In any event, this indicates a mismatch between the IPL environment and the LOADxx IPL member that is being used, which should be resolved. | | | |
| 2 | Using the Catalog File Scan (6.2) or your access control software, verify that adequate procedures and controls prevent unauthorized updates to each data set comprising the logical Parmlib. | | | |
| 3 | Because of their statement-image format, logical Parmlib data sets are most often updated through TSO/ISPF. Prepare a work paper that shows who updated which Parmlib member in which library by splitting the screen and running ISPF/PDF function 3.1, option X, against each data set comprising the logical Parmlib to generate a library index listing. You should also run ISPF/PDF function 3.1, option I, against each data set comprising the logical Parmlib to check the number of DASD extents currently allocated to each logical Parmlib data set. DF/SMS has an architectural limit for concatenated PDS/PDSE data sets of 120 DASD extents. If this limit is exceeded, it is possible that one or more of the logical Parmlib data sets specified in the LOADxx member may be ignored. | | | |
| 4 | From the Parmlib IPL Map display (2.1.1), note the number of IEASYSxx option sets in the logical Parmlib. Determine that there is adequate documentation that defines the purpose, function, and use of each set available to operations personnel. | | | |
| 5 | It is good system operations practice for each IEASYSxx option set to explicitly refer to the parameter library members that it uses. From the Parmlib IPL Map display (2.1.1), note any members that another member refers to but that CA Auditor could not find. In these cases, z/OS substitutes the default (00 suffix) version of the member, which can result in unexpected option selection. If you find members that are referenced by other logical Parmlib members but do not actually exist, remember from step 1 that one or more logical Parmlib data sets specified in the LOADxx member may not have been found. The missing member or members may have come from one of these missing logical Parmlib data sets. | | | |
| 6 | From the Parmlib IPL Map display (2.1.1), ensure that no members have diagnostic messages in the PARM STATUS column. These messages indicate potential conflicts in the operating system release level. Review them with the systems support staff. | | | |
| 7 | z/OS provides a mechanism to force the console operator to use the default option set. Use the Parmlib IPL Map display (2.1.1) to browse the IEASYS00 member and find the OPI= parameter. YES permits operators to specify alternate option sets, whereas NO, the appropriate value, does not permit option substitution. | | | |
| 8 | Scroll to the end of the Parmlib IPL Map display and determine if the analysis found any unreferenced parameter library members. Determine if adequate documentation is available that defines the purpose, function, and use of any such members. | | | |
| 9 | Use the Parmlib Member Status display (2.1.2) to record the number of members. Determine if any members were added, deleted, or changed since the last review. | | | |
| 10 | If CA Auditor detected changes in Step 8 and if an archival copy of the logical Parmlib data sets is available, use the File Comparison function (6.4) to determine exactly what changes were made to which logical Parmlib. Keep in mind that one or more members may have moved “up” or “down” the logical Parmlib concatenation, moving from one concatenated data set to another. | | | |
| 11 | Use the File History Search (6.5) to determine which jobs updated which logical Parmlib data sets in the time period before the date that a change was detected. If none are found, check the SMF Options Display (1.5.1) to ensure that proper SMF type records are recorded. | | | |
| 12 | Use the Parmlib Dataset Information display (2.1.3) to display the logical parmlib concatenation that was specified at IPL time and how it was specified (LOADxx member or Master JCL). If it has changed from IPL, the logical parmlib concatenation currently in effect at the time of the audit is displayed. Such changes can occur with use of the SETLOAD operator command. If installation procedures allow such changes, ensure that appropriate action is taken to track issuance of such commands. In addition, you may want to determine if MVS OPERCMDS security is in place to ensure that only authorized installation personnel issue such commands. | | | |
| 13 | Using the Parmlib Member Status, Parmlib IPL Map, Parmlib Dataset, File Comparison, and File History Search displays, and the work papers that you prepared for TSO/ISPF updates and operator IPL parameters, you have a complete picture of the z/OS logical Parmlib. Determine that proper change control authorization, promotion-to-production, and approvals were obtained for the activity that you documented. | | | |
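The checks in steps 5, 7 and 8 can be cross-checked outside the product. The following Python sketch is an added example, not CA Auditor code: it parses an IEASYSxx member, resolves each referenced member against the logical Parmlib concatenation in order, and reports the OPI= value, referenced-but-missing members and unreferenced members. Assumptions: the keyword-to-prefix table is a small subset, the member text carries no comments, and the data set names, member lists and IEASYS00 content are constructed sample data.

```python
import re

# Subset of IEASYSxx keywords and the Parmlib member prefix each one selects.
PREFIX = {"CMD": "COMMND", "CON": "CONSOL", "LPA": "LPALST", "PROG": "PROG",
          "SMF": "SMFPRM", "SSN": "IEFSSN", "SCH": "SCHED", "OMVS": "BPXPRM"}

# Constructed sample data: one IEASYS00 member and a two-data-set concatenation.
SAMPLE_IEASYS00 = "CLPA,\nCMD=00,\nCON=01,\nLPA=(00,L),\nPROG=(A0,L0),\nSMF=00,\nSSN=(00,02),\nOPI=YES\n"
SAMPLE_CONCAT = [
    ("SYS1.SITE.PARMLIB", {"IEASYS00", "COMMND00", "PROGA0", "SMFPRM00", "SMFPRM99"}),
    ("SYS1.PARMLIB", {"COMMND00", "CONSOL00", "LPALST00", "PROGL0", "IEFSSN00"}),
]

def parse_ieasys(text):
    """Return {keyword: [values]}; assumes no comment text in the member."""
    joined = "".join(line[:71].strip() for line in text.splitlines())  # data is in cols 1-71
    params, depth, token = {}, 0, ""
    for ch in joined + ",":
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:          # a comma outside parentheses ends a parameter
            key, _, val = token.partition("=")
            if key:
                params[key] = val.strip("()").split(",") if val else []
            token = ""
        else:
            token += ch
    return params

def audit(ieasys_text, concatenation):
    """concatenation: ordered (data set, member names) pairs, first match wins."""
    params = parse_ieasys(ieasys_text)
    result = {"opi": params.get("OPI", [None])[0], "missing": [], "source": {}}
    for key, values in params.items():
        for suffix in values:
            if key not in PREFIX or not re.fullmatch(r"[A-Z0-9@#$]{2}", suffix):
                continue                      # sub-options such as L are not suffixes
            member = PREFIX[key] + suffix
            owner = next((ds for ds, names in concatenation if member in names), None)
            if owner is None:
                result["missing"].append(member)   # step 5: referenced but not found
            else:
                result["source"][member] = owner
    known = set(PREFIX.values())
    result["unreferenced"] = sorted({m for _, names in concatenation for m in names
                                     if m[:-2] in known and m not in result["source"]})  # step 8
    return result

if __name__ == "__main__":
    for name, value in audit(SAMPLE_IEASYS00, SAMPLE_CONCAT).items():
        print(name, value)
```

The `source` map also records which data set in the concatenation supplies each member, which helps with step 10 when a member has moved from one concatenated data set to another.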
Copyright © 2009 CA. All rights reserved.