Remember Rob, auditors are our friends. To be especially sure about security on what you send them first encrypt the outfile contents, then save it to a save file with compress set to *HIGH and then save the save file to another save file. You can then send them the final save file via an encrypted email.
All kidding aside, the auditor is more than likely looking for special authorities (*ALLOBJ, *SECADM), whether a user has access to a command line, if a user can run commands from the command line, how often a user is required to change their password and if the last password change date is reasonable to the display date in the out file.
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Tuesday, January 28, 2014 7:52 AM
Subject: Crowe Chizek IT audit
Any suggestions? Should I offer it to them on a 5 1/4" diskette? :-)
A. Create a data file with all user profiles attributes.
*CROWE <data file name>
*QGPL <designated library>
B. Create a query to select attributes from the file obtained.
Select a file <CROWE, in QGPL library>
Sequence the fields. (USER PROFILE, USER CLASS, STATUS, LIMITED CAPABILITIES, DESCRIPTION, PASSWORD OF *NONE, SIGN-ON ATTEMPTS NOT VALID, LIMITED DEVICE SESSIONS, SPECIAL AUTHORITIES, INTITIAL PROGRAM, INITIAL PROGRAM LIBRARY, GROUP PROFILE, GROUP AUTHORITY, PASSWORD CHANGE INTERVAL, PASSWORD CHANGE DATE, PREVIOUS SIGN-ON DATE)
Sort the data <by user profile name, “A”scending>
Select output form <identify output to go to a file and export it off of the AS/400 using Client Access to a diskette>
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
Kendallville, IN 46755