RACF – For Auditors 2.4

Duration

4 hours

Overview

The “RACF – For Auditors” course describes the various types of data center audits and discusses the role of an internal auditor when performing a RACF audit. It expands this to look at the general steps to ensure that RACF managed security is aligned with both organizational security standards, and external compliance regulations. RACF auditor privileges are discussed in detail describing how audit information is stored and the commands used to request the capture of specific events. The type of data that can be unloaded from SMF, and the RACF database, is explained along with details on how ICETOOL can be used to process this information to create audit reports.

Audience

Security administrators, and IT auditors who are responsible for auditing the RACF environment. System programmers would also benefit from this course, giving them a better understanding of audit requirements from a RACF perspective.

Prerequisites

Successful completion of all other RACF courses in this curriculum, or equivalent knowledge.

Objectives

After completing this course, the student will be able to:

• Identify general processes when undertaking a RACF audit
• Identify RACF Auditor roles
• Describe general RACF auditing controls
• Describe how RACF information is logged
• Describe how the SMF dump utility is used to extract RACF records
• Run the IRRDBU00 utility to unload the RACF database
• Run ICETOOL jobs to create reports from unloaded data

Course Content

RACF Auditing Controls and Options

RACF audit roles
Assigning Auditor privileges
Logging of security-related events
Owner-controlled and Auditor-controlled logging
AUDIT and NOAUDIT controls
Using LOGOPTIONS to define what is logged
Logging command violations
GLOBALAUDIT attribute
Auditing z/OS UNIX

RACF – For Auditors 2.4 Mastery Test