AU.R.T - Test rule

The AU.R.T Test rule option can be used to evaluate, configure, browse, view, or edit a single control (or rule set).

On the main AU.R menu, type T on the Option line and press Enter. The panel that is then displayed depends on whether you have worked with single or multi-standard syntax for coding compliance controls that are part of supported standards:

The multi-standard syntax supports multiple standards and versions as specified in the STD keyword of a CONTROL (or RULE_SET) statement. When applicable, the STD keyword also contains the associated references for the control. Multi-standard syntax is used for controls that are part of the z/OS STIG v8, Product STIG standards, and CIS Benchmarks.
The single standard syntax supports a single standard and version, and uses the SET keyword to logically group rules together. For example, to associate a RULE to the corresponding CONTROL. Currently, single-standard syntax controls have a multi-standard syntax equivalent, including PCI-DSS and zSecure Extra standards. Single-standard syntax controls are no longer available to be run as a standard in zSecure Audit. .

Multi-standard syntax

The following panel is displayed to enable working with a multi-standard, multi version control member.

Figure 1. AU.R.T - Compliance Test multi-standard control member

                          zSecure Suite - Audit - Test rule                   
Command ===> _________________________________________________________________ 
                                                                               
Action and name for CARLa control member                                     
1  1. Evaluate   2. Configure  3. Browse     4. View       5. Edit             
Test member . . . . . . ________  M  (S/M for Single or Multi standard syntax)
                                                                               
Limit evaluation or configuration to standard and version:                     
Test standard name        Test standard versions  
________________________  _________________________________________            
                                                                               
Define additional local site standard declarations:                            
Standard name             Versions                                   ESMs      
________________________  _________________________________________  _________
________________________  _________________________________________  _________
________________________  _________________________________________  _________
________________________  _________________________________________  _________
                                                                               
Define additional local site reference declarations:                           
________  ________  ________  ________  ________  ________  ________  ________
                                                                               
Compliance result selection                                               
_  Compliant           _  Non-compliant    _  Overridden       _  Unknown 
_  Assertions due in  __  (number of days)                                
                                                                           
Output/run options                                                        
_  Show differences   _  Add object type summary                          
_  Print format          Send as e-mail                                   
      Background run     Include test details     Narrow print

Note: To work with single standard control members instead, in the (S/M for Single or Multi standard syntax) field, change M to S; see Single-standard syntax.

Action and name for CARLa control member provides the following options:

1. Evaluate the test member as the single rule (set) for an evaluation standard. See AU.R.E - Evaluate.
2. Configure the test member as the single rule (set) for an evaluation standard. See AU.R.C - Configure.
3. Browse the test member.
4. View the test member.
5. Edit the test member.
Note that saving the member writes the member into the first of the following concatenated CKRCARLA libraries:
- Selected with zSecure option CO.1.
- Specified with UPREFIX, if applicable.
- Specified with WPREFIX, if applicable.
- Shipped with the product.

In the Limit evaluation or configuration to standard and version section, you can use the following options to limit running the test member for a particular standard and version(s) of that standard:

Test standard name: To limit running your test member to one of the standards that your test member belongs to, you can specify the case sensitive standard name. That specification limits the output of the test member to include only the compliance results for that defined standard.
Test standard versions: Limit running your test member to one or multiple versions of the specified test standard. You must enter the version or list of versions (separated by commas) for the test standard that must be tested. You can specify special values ALL or CURRENT for all or the latest version of the test standard. This option is used only when test standard name is also specified. If left empty, only the current version of the test standard is tested.

Use the Define additional local site standard declarations section to define additional local site standard names with their versions and, optionally, the ESMs that apply to this standard.

Standard name: Specify the name of a standard that is used in the test member. This panel supports up to 4 local site standards that can be defined. The standards that zSecure supports by default, and the standards that are defined in SE.C in the optional standard and reference definition user CARLa member, are already predefined.
Versions: Specify a version or a list of versions of the standard (separated by commas).
ESMs: Specify an External Security Manager (ESM) or list of ESMs (separated by commas or blanks) that this standard applies to. Valid values are NONE, RACF, ACF2, and TSS. When omitted, the standard applies to ESMs RACF, ACF2, and TSS. Leave this field empty if this standard applies to any ESM.

The standards that zSecure supports are pre-defined and should not be repeated here.

Use the Define additional local site reference declarations section to define additional references. This panel supports up to 8 references that can be defined. The references that zSecure Suite supports by default, and the references that are defined in SE.C in the optional standard and reference definition user CARLa member, are already predefined. Reference types support alphanumeric and special characters @, #, $, - (hyphen), and _ (underscore).

Use the Compliance result selection to select the evaluate or run output criteria, similar to AU.R.E (see AU.R.E - Evaluate).

The Output/run options can be used to control the output format for evaluation:

To compare the evaluation outcome of two input sets for a single test member, select Show differences. See Compare processing for setting up the input sets, and selecting which compare outcomes you want to see. Using the default compare options, with an older input set allocated as compare baseline and a newer one allocated normally, selecting Show differences will give a quick overview of all evaluation results that changed in between the creation of the input sets.
Note: The same compliance rules are run and the same assertions are used for both input sets. This is not a comparison between the evaluated results from the previous run against a later run. Selecting this option will only show the compliance result differences, due to a change in the system data.
To include an Object type summary in the STDGOALS display report, select Add object type summary. This option generates an extra summary level that shows the newlist types that the evaluated object types belong to. The advantage of including this summary level is that the statistics about the test objects from different newlist types are no longer counted in one statistic. For example, tests of ACL entries, and tests of the profile settings are no longer counted in one statistic but produce separate statistics. These separate statistics more accurately report how many profiles and ACL entries are tested in the involved control.
To receive a printed report or email, select Print format; otherwise, the report is shown in display format. To receive email, also select Send as e-mail; the report is sent in either MIME/HTML or plain text, or as an attachment.
To limit the width of the page to 79 chars (regardless of the actual print file record length), also select Narrow print.
With Print format selected, two reports are produced: the compliance control summary and the compliance statistics for the tested objects. If you also select Include test details, an additional report is produced: each individual control on a separate page.
Without Print format selected, three standard reports are displayed:
- STDRULES: Standard compliance summary shows the compliance control summary. This management summary can help to determine control compliance status or improvement.
- STDTYPES: Standard object type compliance summary shows the compliance statistics for tested objects. This management summary can help to determine object types compliance status or improvement.
- STDGOALS: Standard compliance goal test results shows the object test results sorted by control name. Non-compliant goal test results are sorted above compliant goal test results. These detailed compliance goal test results can help to determine what actions to take for which resources in order to improve the compliance status.

Single-standard syntax

The following panel is displayed to enable working with a single standard control member.

Figure 2. AU.R.T - Compliance test single standard control member

                          zSecure Suite - Audit - Test rule                   
Command ===> _________________________________________________________________ 
                                                                               
Action and name for CKACUST control member                           
1  1. Evaluate   2. Configure  3. Browse     4. View       5. Edit
Test member . . . . . . ________  S  (S/M for Single or Multi standard syntax)

Specify for single rule evaluation or configuration:                   
Standard  . . . . . . . ____________________  (prefixed by the OS name)
ESM . . . . . . . . . . _  RACF      _  ACF2      _  TSS       _  RACF/VM 

Compliance result selection                                                    
_  Compliant           _  Non-compliant    _  Overridden       _  Unknown       
_  Assertions due in  __  (number of days) 

Output/run options                                                             
_  Show differences   _  Add object type summary
_  Print format       _  Send as e-mail                                        
   _  Background run  _  Include test details  _  Narrow print

Note: To work with multi-standard, multi-version control members instead, in the (S/M for Single or Multi standard syntax) field, change S to M; see Multi-standard syntax.

Specify for single rule evaluation or configuration enables you to select the Standard name that you want to use as well as the External Security Managers (ESMs) that zSecure Audit is licensed for. If you have licenses for multiple ESMs, you can select the ESMs you want to use for evaluation or configuration of the rule (set) member.

The Compliance result selection can be used to select the evaluate or run output criteria, similar to AU.R.E (see AU.R.E - Evaluate).

Use the Output/run options to control the output format for evaluation; see the information following Figure 1.