Verification and Compliance › Verification of Systems and Data Integrity

Verification of Systems and Data Integrity

All jobs, data files, programs, and hardware devices are under the direct control of z/OS, therefore a complete audit is crucial. For example, it is possible to set up users that ignore passwords, subvert CA Top Secret, and modify production data. User can also destroy audit trails and access restricted files—through z/OS granted permissions. On the systems level, it is your responsibility to control:

• The z/OS system generation (SYSGEN) specifications and parameter library (PARMLIB) contents.
• Operating system maintenance, tuning, and change management.
• z/OS operator consoles, commands, routing codes, and the security of the z/OS PASSWORD file and its contents.
• Administration and control of the Time Sharing Option (TSO).
• Authorized Program Facility (APF) library administration.
• The Program Properties Table (PPT) specifications.
• The entire access control software implementation.
• Other vendor and site defined Supervisor Calls (SVCs).
• Program product and site defined Input/Output (I/O) Appendages.
• The System Management Facility (SMF) options, files, and contents.
• z/OS System Exit selection, coding, usage, control, and documentation.
• The Job Entry Subsystem (JES) options, parameters, exits, and PROCLIBs.
• Installation and control of site‑defined z/OS subsystems.
• Usage and control of the System Modification Program (SMP).
• Installation and control of products like IMS and CICS.
• Administration and control of any job accounting facility.
• Contents of the system link pack areas (PLPA, FLPA, MLPA).
• Installation and control of all third-party vendor products.

Information From CA Auditor

Some of the information that is provided by CA Auditor includes:

System Level Function

Provides z/OS version, level number, SUs, IPL and SYSGEN information, CPU type and serial number, and so on. CA Auditor allows online retrieval of SMF data in English, explains SMF options parameters, files, and exits. System level functions can scan PROCLIBs, and provides JES and SMF IDs, JES PROCLIB identification, and JES2 options.

Hardware Information

Includes device display by address, name, type, or allocation status. Online summary of disk and tape error rates, display of operator consoles including routing codes, allowable command groups, and alternate console structure is also available.

System Library Analysis

Includes PARMLIB and z/OS release independent display of APF, LINKLIST, LPA, and key system libraries. Determination of APF problems, such as duplicate modules, unauthorized copies of superzap, duplicated module detection, APF TSO programs and commands, and so on. It also provides automatic detection of PARMLIB changes and mapping of system catalogs.

Technical Information

Provides unique analysis functions to display z/OS subsystem information; search and scan for site defined I/O appendages; locate and identify major exits; display and analyze PLPA, MLPA, FLPA, and the Program Properties Table; and detect intercepts and abnormal conditions for IBM, site‑defined, and ESR SVC modules.

Job and Program Functions

Provides JCL scans, intelligent online program compare, program freezer, program origin determination, program statistical information, and SMF‑based job and program scans.

File Functions

Provides Library and VTOC integrity analysis, password system validation, catalog, and volume based complex search capability, library source and load module correlation, file freezer, and file compare.

A z/OS system audit should include an evaluation of all threats. Occasional checks of program code, data files, and audit trails are required. Audit trails of changed data elements are facilitated through the Applications Interface.