Auditing, Reporting, and Surveillance › Characteristic Auditing Authorities

Characteristic Auditing Authorities

Auditors must be given specific administrative authorities that relate to the scope of their job.

Job functions and type of administrative authority define the auditor role. Multiple auditors with different areas of responsibility can be defined; for example, central auditor and divisional auditor.

The ACID type that was assigned when the ACID was created defines the auditor’s scope. For example, a central auditor would be defined as an SCA, while a divisional‑level auditor would be defined as a VCA. The CA Top Secret actions that an auditor is authorized to initiate are a function of the administrative authorities assigned. The administrative authorities that are characteristically given to auditors are:

• ACID (AUDIT, INFO, REPORT)
• RESOURCE (AUDIT, INFO, REPORT)
• DATA (ALL, PROFILE, PASSWORD)
• MISC1 (TSSSIM)
• MISC5 (MLSADMIN)
• MISC8 (LISTRDT, LISTSTC, LISTSDT)
• MISC9 (GENERIC)

Example: Establishing a central auditor

This example gives the attributes and authorities that are required to define someone to CA Top Secret to perform the functions of central auditor. The authority that is established allows:

• CTLADT to audit resources and users
• The auditor to use TSSCFILE, TSSCHART, TSSUTIL, TSSTRACK, TSSAUDIT, and TSSSIM to perform inquiries about all resources and ACIDs
• CTLADT to list any information from any Security Record except the password.

Since CTLADT is an SCA, the scope is the entire installation.

TSS CREATE(CTLADT) NAME('CENTRAL AUDITOR')
                   TYPE(SCA)
                   PASSWORD(password)
                   FACILITY(TSO,BATCH)

TSS ADMIN(CTLADT) RESOURCE(AUDIT,REPORT,INFO)
                  MISC9(GENERIC)
                  ACID(AUDIT,REPORT,INFO)
                  MISC1(TSSSIM)
                  DATA(ALL,PROFILE)
                  MISC8(LISTRDT,LISTSTC,LISTSDT)