Using CA Auditor › Analysis Categories

Analysis Categories

These categories cover two broad categories of analysis: system‑related analysis of the software and hardware that make up the z/OS environment (options 1‑3) and analysis of the jobs, programs, and files that the system processes (options 4‑9). CA Auditor is structured in a top‑down fashion, from most general to most specific:

• The Management Information menu options provide a high‑level analysis of the z/OS system that CA Auditor is running on. This menu provides information such as the CPU model type and serial number, date and time of last IPL, and the job entry subsystem used. Information on the data center’s hardware configuration, the hardware error rate, operator console capabilities, and SMF recording is also included in this function.
• The System Installation Choices menu goes a little deeper by detailing the options that customized z/OS to fit the needs of the data center. The z/OS System Installation Choices menu options review areas such as the z/OS parameter library (logical Parmlib), authorized program facility (APF), system modification program (SMP/E), key z/OS system libraries, the time‑sharing option (TSO), user attributes data set (UADS), and z/OS system catalogs.
• The Technical Information menu reviews the internal components of z/OS. These menu options analyze information about the subsystems that run under z/OS, I/O appendages, z/OS system exits, link pack area (LPA), fixed and modified LPA (FLPA and MLPA), program properties table (PPT), and supervisor call routines (SVCs).
• The Job Information menu options provide information on the job entry subsystem parameters JES uses and the names of JES procedure libraries. They also perform complex searches of the JCL libraries and display history information about job use as recorded in the SMF files or log streams.
• The Program Information menu provides analysis information about the programs that run on the system. The information provided by these options includes the origin of programs, the dates of compilation and link‑edit, and the size of modules. You can also compare one source program to another and one load module to another. You can also review history information about program use and monitor program changes.
• The File Information menu provides information about the files that are stored and processed on the system. Integrity analysis is performed for the z/OS password system, load libraries, and volume tables of contents (VTOCs). CA Auditor can also perform complex searches for cataloged files, find files on specific volumes, compare different versions of the same file, provide a history of file use through the SMF records, and detect changes in files.
• The ESM (external security manager) analysis menu provides information about the ESM in use on the system being audited. The information provided includes analysis of security-related exit points (both ESM and SAF), ESM security files, and class descriptor table (CDT) entries and definitions, and standard IBM-defined CDT definitions.
• The Baseline alerts menu provides the means to view alerts and reports generated by baseline historical analysis processing. Alerts generated for a specific TSO user ID can be viewed from this function, along with the saved comparison output from completed processing.
• The z/OS UNIX analysis menu displays the current z/OS UNIX configuration options. These options might have been changed after the system IPL by dynamic modifications.