Following was contributed by (Rey LeClerc) at rey@mass-usa.net VM/Secure Objectives: To ensure that adequate security procedures have been established over VMSECURE. Audit Program 1. Determine to what extent VMSECURE is controlling the data security environment at this location, i.e. is VMSECURE used only for VM directory maintenance, or is the rules facility also being used. If the rules facility is being used, make sure that is appended to include examination of the rules database and related configuration file records. 2. Obtain and review the VMSECURE configuration file listing. Examine the parameters established for the key configuration file records. The key configuration file records (for installations that are not using the rules facility) and their associated audit concerns are: - ACCESS - identifies the minidisks available to the VMSECURE service machine. Determine whether access to these minidisks is adequately restricted. verify that the DRCT and the BKUP minidisks do not reside on the same DASD. - DIRECT - identifies the CP-owned volume containing the page-formatted area for the CP object directory. Verify that access to this minidisk is adequately restricted. VMSECURE should have an MR link to the minidisk; if other users share access to the minidisk, controls should prevent multiple users from updating the CP object directory. - ENCRYPT - this optional record tells VMSECURE that the directory database is encrypted. This record is important because only where read access to the directory database is not adequately restricted and the minidisk and/or logon passwords in the directory are critical components to the access control methodology at this location. - GRANT - authorizes users to use VMSECURE subcommands, utilities and screen selections. Ascertain that sensitive functions have been granted only as needed. - IGNORE - indicates which User-IDs or specific minidisks are ignored by VMSECURE. This use of this record disallows VMSECURE from detecting (and preventing) any minidisk overlays that involve the specified the specified ignored minidisks. - LIST - groups authorizations or User-IDs for use on GRANT and WITHHOLD records. - USEREXIT - these optional records are used to specify the filenames of user routines to receive control at various points in VMSECURE's operation. Determine where any exits are being used, and if so, which ones. Obtain the source code for these exits and review them. Briefly describe their function and evaluate their effect on VMSECURE data security controls. - VOLUME - identifies real and DASD volumes managed by VMSECURE. Make sure that all intended volumes are included here. - WITHHOLD - restricts users from using the VMSECURE commands, utilities, or screen selections (that were explicitly provided to users in the GRANT record). Review this record in conjunction with the GRANT record to determine who has access to sensitive system functions. 3. Obtain and review the VMSECURE MANAGERS file listing (the file resides on the VMSECURE 191 minidisk). Examine the MANAGER record(s) 'mgrid' parameter. The User-ID(s) defined in this record have directory manager authority (provided that MANGE subcommand capability has also been granted in the VMSECURE configuration file). Determine whether the MANAGER capability has been appropriately designated. VMSECURE Reference manuals VMSECURE System Programmer's Reference manual VMSECURE System Administrator's Guide VMSECURE Directory manager's Guide VMSECURE User's Guide VMSECURE Rules Facility Guide