Contributed July 18, 2001
Matt Niebur
matt.niebur@countryfinancial.com

Audit Program
Top Secret Security Administration

Scope: The administration of the Top Secret security software within the mainframe environment.

Objectives: To determine the adequacy of controls and procedures.

Audit Steps:

1. Update your understanding of the Top Secret security administration procedures. Obtain a copy of the Corporate Security Policy and determine whether the policy has been properly communicated.

2. For each individual terminated between 1/1/01 and 3/15/01, use TSS LIST(acid) to determine that their access capabilities were properly removed.

3. Print a copy of SYS1.PARMLIB(TSSPARMS) and review the Top Secret control options.

4. Determine which security mode Top Secret is running in (DORMANT, WARN, IMPLEMENT or FAIL) from the MODE control option, for example by displaying the options in effect with TSS MODIFY(STATUS), and confirm that it is FAIL mode. FAIL is the only mode in which all access violations are actually denied; the others log or partially enforce.

5. Identify the names of the Top Secret security files and, using the TSS WHOHAS command, determine who has access to these files.

6. Determine whether sensitive utilities are protected using TSS WHOHAS PGM(xx). Inquire whether access to sensitive utilities is logged and reviewed on a timely basis by management.

7. Determine who has access to critical operating system datasets using TSS WHOHAS DSN(SYS1.).

8. Examine the TSS started task procedure to ensure that proper backup, recovery and audit/tracking files are in place.

9. Determine who has special administrative privileges, and whether they conform to corporate policy, using TSS LIST(ACIDS) DATA(ADMIN).

10. Using the CHANGES control statement of TSSAUDIT, check that the listed changes have proper written authorizations.

11. Select a sample of 5 users. Use TSS LIST(acid) to determine their access capabilities. Compare them to the approved security access form and review for compliance with written procedures.

12. Determine what violation or exception reporting is produced, who reviews the reports, and whether follow-up of unusual activity is adequate to ensure that appropriate management personnel are aware and take action. To verify the effectiveness of these procedures, inquire of users and user management whether they have ever been questioned about unusual activity reported by Top Secret.

13. Using the LIST option of TSSAUDIT, list ACIDs with PASSWORD authority and determine that all of them belong to TSS administrators.

14. Use the Privileges Short delimiter against TSSSEC.S0955V.RECFILE to identify individuals with CONSOLE capability.

15. Determine access to the Top Secret programs: use TSS WHOHAS on the Top Secret source and load libraries (TSSSEC.).

16. Determine the protection provided for the linkage editor SETCODE AC(1) option. AC(1) marks a load module as APF-authorized, so the ability to link-edit such modules into authorized libraries must be restricted to authorized staff.

17. Use TSS WHOHAS DSN(**) to determine who has been permitted access to all datasets, and repeat the check for the other resource types, to identify blanket (generic) permits.

18. Review the status of weaknesses noted in the prior year's audit report.

19. Write preliminary and final audit reports.
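Steps 2, 9, 11, 13 and 14 above are all reconciliations of the ACID listing against records held outside Top Secret (HR termination lists, approved access forms, the roster of TSS administrators). The Python script below is an added example and is not part of the original audit program: it assumes the auditor has transcribed the TSS LIST / TSSAUDIT output into a CSV with the columns shown (an assumed working layout, not Top Secret's own report format), and every ACID, name and facility in it is constructed sample data.

```python
"""Reconcile a Top Secret ACID listing against HR and access-approval records.

Added audit helper, not part of the original audit program. The CSV layout
below is an assumption (the auditor transcribes TSS LIST(ACIDS) / TSSAUDIT
output into it); it is not Top Secret's native report format.
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample export (hypothetical ACIDs, not real accounts).
ACID_EXPORT = """acid,name,type,admin_authority,console,facilities
JSMITH,John Smith,USER,,N,TSO;CICSPROD;IMS
MJONES,Mary Jones,USER,,N,TSO
RDOE,Rich Doe,USER,ADMIN;PASSWORD,Y,TSO
SECADM1,Security Admin,SCA,ADMIN;PASSWORD;CONSOLE,Y,TSO
"""

# Constructed records from outside Top Secret.
TERMINATED = {"MJONES", "TJONES"}                 # HR list, 1/1/01 to 3/15/01
APPROVED_ACCESS = {                               # approved security access forms
    "JSMITH": {"TSO", "CICSPROD"},
    "RDOE": {"TSO"},
    "SECADM1": {"TSO"},
}
TSS_ADMINISTRATORS = {"SECADM1"}                  # staff allowed ADMIN/PASSWORD/CONSOLE


@dataclass(frozen=True)
class Acid:
    acid: str
    name: str
    acid_type: str
    admin_authority: frozenset   # e.g. ADMIN, PASSWORD
    console: bool
    facilities: frozenset


def _split(field):
    """';'-separated list column -> frozenset, with the empty column -> empty set."""
    return frozenset(filter(None, field.split(";")))


def parse_acid_export(text):
    """Parse the (assumed) CSV layout into a dict keyed by ACID."""
    records = {}
    for row in csv.DictReader(io.StringIO(text)):
        records[row["acid"]] = Acid(
            acid=row["acid"],
            name=row["name"],
            acid_type=row["type"],
            admin_authority=_split(row["admin_authority"]),
            console=row["console"].strip().upper() == "Y",
            facilities=_split(row["facilities"]),
        )
    return records


def terminated_still_defined(records, terminated):
    """Step 2: terminated individuals whose ACID is still defined."""
    return sorted(acid for acid in terminated if acid in records)


def facility_exceptions(records, approved):
    """Step 11: facilities granted that the approved access form does not cover."""
    exceptions = {}
    for acid, rec in records.items():
        form = approved.get(acid)
        if form is None:
            exceptions[acid] = "no approved access form on file"
        elif rec.facilities - form:
            extra = ",".join(sorted(rec.facilities - form))
            exceptions[acid] = "not approved: " + extra
    return exceptions


def privileged_non_administrators(records, administrators):
    """Steps 9, 13, 14: administrative authority or CONSOLE held outside the admin group."""
    return sorted(
        acid for acid, rec in records.items()
        if (rec.admin_authority or rec.console) and acid not in administrators
    )


if __name__ == "__main__":
    recs = parse_acid_export(ACID_EXPORT)
    print("Terminated but still defined:", terminated_still_defined(recs, TERMINATED))
    print("Facility exceptions:", facility_exceptions(recs, APPROVED_ACCESS))
    print("Privileged non-administrators:",
          privileged_non_administrators(recs, TSS_ADMINISTRATORS))
```

Each function returns the exception list for one audit step, so the output can be pasted straight into the working papers; on the constructed data it flags MJONES (terminated, still defined), JSMITH (holds IMS, not on the approved form) and RDOE (ADMIN, PASSWORD and CONSOLE without being on the administrator roster).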