IBM z/VM must have access to an audit reduction tool that allows for central data review and analysis.

Overview

Finding ID: V-237970
Version: IBMZ-VM-002400
Rule ID: SV-237970r649750_rule
IA Controls: CCI-000366
Severity: medium
Description
Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit reduction and report generation capabilities do not always emanate from the same information system or from the same organizational entities conducting auditing activities. Audit reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. Audit records may at times be voluminous. Without a reduction tool, crucial information may be overlooked.
STIG: IBM zVM Using CA VM:Secure Security Technical Implementation Guide
Date: 2022-08-31

Related Frameworks

4 paths across 3 frameworks
NIST 800-53: 1 mapping
CM-6
1.00
  • DISA · V2R2 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171: 2 mappings
3.4.1
1.00
  • DISA · V2R2 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
  • DISA · V2R2 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI: 1 mapping
CCI-000366
1.00
  • DISA · V2R2 · disa_xccdf · related

Details

Check Text (C-237970r649750_chk)

Ask the system administrator if there is an audit reduction tool available for use with IBM z/VM. Determine if a process is established to route audit records to the tool. If there is no audit tool available, this is a finding. If a procedure for routing audit records to the tool is not documented and on file with the ISSM/ISSO, this is a finding.

Fix Text (F-41139r649749_fix)

Develop a process for routing audit records to an audit reduction tool. Document the process and file with the ISSM/ISSO.