|
|
|
Use the Program Freezer option (5.5) to detect changes to source and load programs and libraries. You must have read access to the libraries that contain the programs that you want to check.
Auditor___________________________ Location___________________ Page____of____
Approved__________________________ CPU________________________ Date__________
|
Step |
Description |
W/P Ref |
Finding |
Remarks |
|---|---|---|---|---|
|
1 |
Keep an archived copy of the programs that are easily misused, such as user SVCs, exits, key parameters, key JES parameters, and security software modules. This practice lets you compare versions of each program and pinpoint changes. |
|
|
|
|
2 |
View a list of active SMF exits using the SMF Analysis display (1.5). Enter the F line command next to entries that you want to track. Review the exit’s change summary to find out if the program changed. |
|
|
|
|
3 |
If the exit you selected for review was frozen during a previous review, determine whether the exit was changed since the last review. Verify that these changes agree with the change procedures and authorization records. |
|
|
|
|
4 |
If the exit’s location changed, determine whether this change is the result of an intervening IPL using the z/OS System Overview display (1.1). If the exit’s size changed, review the SMP/E data to determine if the change was applied through SMP/E. |
|
|
|
|
5 |
Compare library members to the list of global CSIs using the SMP/E Analysis display (2.3). Use the F line command to freeze one or more of the entries listed. |
|
|
|
|
6 |
If the library or program that you selected for review was frozen during a previous review, determine whether the library changed since the last review. Review the change log to compare the current and previous versions. Note any link‑edit changes or changes in the number of library members. Verify that these changes agree with the change procedures and authorization records. |
|
|
|
|
7 |
Compare program updates to the CSI list using the Program Updates Selection screen (2.4.6). This assumes that IDR data is available to you. Use the F line command to check one or more of the entries listed. Review the program’s change summary to find out if the program changed. |
|
|
|
|
8 |
If a program was frozen during a previous review, review the program’s change log to compare the current and previous versions. Note any changes that CA Auditor detected. Verify that these changes agree with change procedures and authorization records. |
|
|
|
|
9 |
Determine whether changes to source code are the result of changes to members in the logical Parmlib using the Parmlib Information display (2.1). |
|
|
|
|
10 |
Check the system log to determine whether changes in the operator’s IPL parameters are responsible for the changes that CA Auditor detected. If both the address and length of the program changed, this is probably the reason. Because an IPL can cause modules in storage to move to a new location, we recommend that you use the batch facility to freeze all memory‑resident modules after each IPL. This practice lets you distinguish between actual changes to the code and changes that are the result of an IPL. You can use automated scheduling software such as CA Scheduler or CA 7 to perform these audit tasks on a regularly scheduled basis. |
|
|
|
|
11 |
Determine the names and libraries of exit modules using the System Exit Display (3.3). Use the F line command to freeze one or more of the entries listed. Review each module’s change summary to find out if it changed. |
|
|
|
|
12 |
If an exit module was frozen during a previous review, determine whether the module changed since the last review. Review the module’s change log to compare the current and previous versions. Note any changes that CA Auditor detected. Verify that these changes agree with change procedures and authorization records. |
|
|
|
|
13 |
Determine the names and types of SVCs using the SVC Analysis Display (3.7). Select the type 3 and 4 SVCs on the FLPA, MLPA, and LPA displays (3.4 and 3.5), and perform a library search for SVC types. |
|
|
|
|
14 |
Enter the F line command next to the SVCs that you want to track. Review the SVC’s change summary to determine whether the SVC changed. |
|
|
|
|
15 |
If the SVC was frozen during a previous review, determine whether CA Auditor detected any changes since the last freeze. Review the SVC’s change log to compare the current and previous versions. Verify that any changes agree with the change procedures and authorization records. |
|
|
|
|
16 |
To see a list of APF‑authorized programs, use the Get Program Statistics display (5.2). Enter the F line command next to entries that you want to track. Review the program’s change summary to determine if the program changed. |
|
|
|
|
17 |
If the program you selected was frozen during a previous review, determine whether it changed since then. This assumes that IDR data is available and that SMP/E applied the changes. Review the program’s change log to compare the current and previous versions. Note any misused program zaps or subsequent link‑edits. Verify that these changes agree with change procedures and authorization records. |
|
|
|
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |