In our encounter executing IT audits on IBM mainframes, we wished to share our practical experience employing the RACF DSMON (Info Protection Observe) application. This method can be utilised to run a established of beneficial reports on the mainframe technique and safety atmosphere.
Be aware that DSMON is relevant only for mainframes on which RACF – Resource Entry Management Facility is put in as element of the IBM Stability Server suite.
DSMON studies are made employing a pre-packaged ‘job.’ To operate DSMON experiences, the operator should generally have the ‘auditor’ attribute.
10 DSMON reports are mentioned below with a short description, the report’s material and suitable data to an IT auditor.
1. Technique. This report is made up of basic process, components (CPU) and RACF information. Auditors can use this to verify that variations are existing for the operating technique and RACF.
2. RACGRP Group Tree Report. This report displays the hierarchy of groups with the possession chain. Auditors can use this report to notice the naming convention employed in team names.
3. SYSPPT Program Properties Desk (PPT) displays programs that execute with distinctive privileges these as bypass password safety. This report can be utilised to validate every single application in the table.
4. RACAUT RACF Authorized Caller Desk. This table demonstrates non-approved plans that can invoke privileged RACF functions. Auditors commonly want to see this desk vacant with exceptional exceptions.
5. RACCDT RACF Class Descriptor Desk. This table exhibits the status of RACF general resource courses – lively or inactive. Auditors can use this report to confirm that ‘auditing’ is enabled and the setting of the default universal obtain authority (UACC).
6. RACEXT RACF Exits. Listing of exits or subroutines. Auditors need to inspect this report for any more or unauthorized exits.
7. RACGAC RACF International Access Desk Report. For every single RACF standard useful resource course, the world-wide obtain entities are in outcome.
8. RACSPT RACF Commenced Procedures Desk. Displays consumer and team IDs connected with started off jobs and the privileged or dependable standing. Entries are popular for subsystem startup and restoration. Auditors should really be knowledgeable of the ‘privileged’ or ‘trusted’ attributes shown listed here.
9. RACUSR RACF Consumer Attibute Report. This report displays buyers with the ‘special’, ‘operations’ and ‘auditor’ attributes. Auditors should really shell out specific attention to this report as these characteristics grant highly effective authority in the mainframe setting.
10. SYSSDS Chosen Datasets Report. There are a collection of dataset stories on sensitive datasets together with master and person catalogs, linklist and APF (approved program facility) libraries. Just about every selected dataset is exhibited with the serial amount of the quantity on which the dataset resides, the choice criterion, regardless of whether the dataset is RACF-indicated or RACF-protected and the universal obtain authority (UACC) for the data set.
The bottom line is that DSMON studies are very handy to an IT auditor examining an IBM mainframe method. These studies are exceptionally useful in finding a broad assortment of facts that is releveant to an IT audit.
Reference: IBM z/OS Protection Server RACF Auditor’s Guidebook.