IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Future consideration
Workspace z/OS
Categories Ported Tools
Created by Guest
Created on Nov 23, 2016

RELATED IDEAS

zOS Ported Tools SSH FACILITY BPX.SMF Processing Improvements

RFE for Improvements to FACILITY BPX.SMF
Reference: OA48775.pdf

The DoD STIG Team evaluated changes to FACILITY BPX.SMF that provide granular profile capabilities in the format BPX.SMF.<type>.<subtype>. We also participated in a teleconference with IBM on 29AUG2016 to discuss the results of testing we performed and the questions/observations we had.

One of the takeaway's from this meeting as well as the testing we conducted were three suggestions for improvements to the granular resource checking. Our testing was done with profiles BPX.SMF, BPX.SMF.119.94, BPX.SMF.119.96, and BPX.SMF.119.96 using SSH.

1. We request improvements to access violations to show the granular resource. In our testing, all of the ICH408 violations were against FACILITY BPX.SMF. Since we don't believe that permitting end users to BPX.SMF is a secure practice, we would like to see the granular resource such as BPX.SMF.119.96 being reported so that specific access can be permitted.
2. We would also like to request that generics be supported so that a profile such as BPX.SMF.119.* could be used. In all of our testing, fully-qualified profiles had to be used.
3. We believe that having an option within SSH to terminate a user's SSH session when SMF records are not being cut would improve security. Current processing would allow a user NOT having access to cut 119.9x records to continue with their SSH session and this would result in loss of an audit trail. This request is rooted in NIST 800-53 Rev 4 guidance under AU-5b. I have an email from our local security office on this topic that states:
The audit failure is referenced in 800-53 Rev 4. It's under AU-5 b. The CCI we use is CCI-00140 which says "The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records). The "organization-defined actions" has been determined to be "shut down information system".

Idea priority Medium

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.