Even if your auditors don't have actual knowledge of i5/OS security themselves, they typically have a "playbook" of audit points to look for in your i5/OS security configuration.
Editor's note: This article introduces the white paper "Oh No! Another Audit!" available free at the MC White Paper Center.
Some industries, such as finance, seem to have audits every other month and others only once a year. Regardless of the frequency of your audits, they take up your time and energy. SkyView Partners products and services were developed to reduce the cost and drive out the complexity of compliance requirements stemming from audits and various laws and regulations. This paper is devoted to the discussion of the typical audit requirements that I see our customers experiencing and how SkyView products and services address those audit points.
If your auditors don't have actual knowledge of i5/OS security themselves, they typically have a "playbook" of audit points to look for in your i5/OS security configuration. Let's look at the most common ones.
System Values
According to an auditor's playbook, system values must be set to certain settings. But what happens when you can't set a system value to the auditor's required setting? Answer: You write a risk-acceptance statement justifying the current setting. SkyView Risk Assessor provides a detailed description of all security-relevant system values along with reasons you may not be able to set the value to "best practices." You then use these expert explanations in your risk acceptance statement that you document in the Policy Description in SkyView Policy Minder. Because another item the auditor will demand is proof that you are (and have been) in compliance with your organization's policy. Policy Minder compliance reports provide this proof. And you can use the policy report to show your auditor your policy and risk acceptance statements.
User Profiles
When it comes to user profile settings, I've found that auditors are looking for the following:
Want to Know the Rest?
To read the rest of the white paper "Oh No! Another Audit!" download it free from the MC White Paper Center.
as/400, os/400, iseries, system i, i5/os, ibm i, power systems, 6.1, 7.1, V7
LATEST COMMENTS
MC Press Online