× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2006

Re: Journal Receiver Retention for SOX

I too have been responsible for OS/400 (i5/OS) security in banking (FFIEC - 
FDIC, OTS, OCC regs) as well as in SOX-regulated industries.  The seven year 
retention policy is typically for FFIEC-regulated entities only, but if you can 
get away with retaining some tapes off site for that long, it's better to have 
it should you ever need it, than to need it and not have it!
   
  I always recommend a max 60-day online retention of QAUDJRN receivers and the 
max (7 year) retention offline.  If possible, have the security journal 
receiver save be an entirely separate operation in addition to what would get 
backed up on a system save.  That way it's easier to get to the data if you 
ever need to do some forensic reporting.  Remember too that the amount of data 
that is written to your receivers is also a function of your QAUDCTL and 
QAUDLVL settings.  If you don't already have *NOQTEMP in QAUDCTL, go ahead and 
add it (i.e. don't audit "RAM").  QAUDLVL can also have some unnecessary (or 
simply unwise) values turned on too (such as *SPLFDTA and *PRTDTA).  Finally, 
object auditing value settings contribute to the total volume written to 
security journal receivers, so be careful you don't have too many objects 
turned on for *ALL auditing.
   
  I recently did a few articles for IT Jungle on this.  Check it out if you are 
so inclined.
   
  http://www.itjungle.com/fhg/fhg020806-story02.html
   
  http://www.itjungle.com/fhg/fhg031506-story02.html
   
  http://www.itjungle.com/fhg/fhg042606-story02.html
   
  Best regards,
   
  Steven W. Martinson, CISSP, CISM
  Senior Consultant - Servique, LLC
  Cell 281.546.9836
   
  www.servique.com 
  4801 Woodway Drive, Suite 300E
  Houston, TX 77056
  "Uniquely Qualified"
   

                
---------------------------------
Do you Yahoo!?
 Everyone is raving about the  all-new Yahoo! Mail.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.