SOX-COBIT compliance checking, audit, and pre-audit feature

You can use the aixpert –c –l s command to check a system's SOX-COBIT compliance. AIX® Security Expert only checks for the supported control objectives compliance. Any violations found during the checking are reported. By default, any violations are sent to stderr.

You can also use the same command (aixpert –c –l s) to generate the SOX-COBIT compliance audit report. To generate an audit report, set up and enable the audit subsystem. Ensure that the AIXpert_check audit event is turned on. After setting up the audit subsystem, rerun the aixpert –c –l s command. The command generates the audit log for every failed control objective. The Status field of the audit log will be marked as failed. The log also contains the reason for the failure, which can be viewied using the -v option of auditpr command.

Adding –p option to the aixpert –c –l s command also includes successful control objectives also in the audit report. Those log entries have Ok in the status field.

The aixpert -c -l s -p command can be used to generate a detailed SOX-COBIT compliance audit report.

Whether or not the –p option is specified, there will be a summary record. The summary record includes information about the number of rules processed, the number of failed rules (instances of non-compliance found), and the security level that the system is checked for (in this instance, this would be SCBPS).