Duration
4 hours
Overview
The “RACF – For Auditors” course describes the various types of data center audits and discusses the role of an internal auditor when performing a RACF audit. It expands this to look at the general steps to ensure that RACF managed security is aligned with both organizational security standards, and external compliance regulations. RACF auditor privileges are discussed in detail describing how audit information is stored and the commands used to request the capture of specific events. The type of data that can be unloaded from SMF, and the RACF database, is explained along with details on how ICETOOL can be used to process this information to create audit reports.
Audience
Security administrators, and IT auditors who are responsible for auditing the RACF environment. System programmers would also benefit from this course, giving them a better understanding of audit requirements from a RACF perspective.
Prerequisites
Successful completion of all other RACF courses in this curriculum, or equivalent knowledge.
Objectives
After completing this course, the student will be able to:
- Identify general processes when undertaking a RACF audit
- Identify RACF Auditor roles
- Describe general RACF auditing controls
- Describe how RACF information is logged
- Describe how the SMF dump utility is used to extract RACF records
- Run the IRRDBU00 utility to unload the RACF database
- Run ICETOOL jobs to create reports from unloaded data
Course Content
Introduction to RACF Auditing
Why a RACF audit is required
Internal and External audits
Tools to assist you with a RACF audit
Audit certification opportunities
Technical skills and knowledge to perform a RACF audit
The RACF auditing process
RACF Auditing Controls and Options
RACF audit roles
Assigning Auditor privileges
Logging of security-related events
Owner-controlled and Auditor-controlled logging
AUDIT and NOAUDIT controls
Using LOGOPTIONS to define what is logged
Logging command violations
GLOBALAUDIT attribute
Auditing z/OS UNIX
RACF Audit Utilities and Reports
RACF SMF record types
IRRADU00 utility
Sorting unloaded SMF data
Creating XML data from unloaded SMF records
Unloading RACF database content
Creating ICETOOL reports
Invoking the RACFICE procedure
Pre-defined ICETOOL reports
Creating a customized ICETOOL report