Company: CXL Finance
Business Unit: Audit
Location: London
|
Low results
|
Med results
|
High results
|
|
|
Low risk
|
16
|
6
|
8
|
|
Med risk
|
8
|
8
|
1
|
|
High risk
|
3
|
3
|
0
|
The overall score is now 133
The table below shows each of the tests. Each test has been assigned an Implication Score (Imp Score) and a Results Score (Res Score). The implication score determines how serious a problem is when it occurs and cannot be changed. The results score shows how much this problem exists on your system, ranging from green, through amber to red.| Test code |
Imp Score
|
Res Score
|
| 1 System settings |
|
|
| 1.1 Security level |
6
|
1
|
| 1.2 Auto configuration |
2
|
5
|
| 1.3 Auto virtual |
3
|
8
|
| 1.4 Default public authority |
5
|
1
|
| 1.5 Allow user domain |
2
|
1
|
| 1.6 Allow object restore |
3
|
1
|
| 1.7 Attention program |
4
|
1
|
| 2 System passwords |
|
|
| 2.1 Password level |
2
|
1
|
| 2.2 Password expiration interval |
7
|
2
|
| 2.3 Password limit adjacent digits |
2
|
5
|
| 2.4 Password limit characters |
2
|
3
|
| 2.5 Password limit repetition |
2
|
2
|
| 2.6 Password minimum length |
7
|
1
|
| 2.7 Password maximum length |
2
|
1
|
| 2.8 Password position different |
2
|
4
|
| 2.9 Password does not require digits |
4
|
1
|
| 2.10 Password required to be different |
8
|
3
|
| 2.11 Password validation program |
2
|
1
|
| 3 Users |
|
|
| 3.1 User Classes |
7
|
4
|
| 3.2 Users with disabled profiles |
2
|
3
|
| 3.3 Users current library |
2
|
8
|
| 3.4 Users initial programs |
2
|
5
|
| 3.5 Users initial menu |
1
|
7
|
| 3.6 Users display sign-on information |
4
|
7
|
| 3.7 Users limit capability |
2
|
7
|
| 3.8 Users with limited device sessions |
2
|
7
|
| 3.9 Users with special environments |
2
|
1
|
| 4 Special Authorities |
|
|
| 4.1 Users with all objects authority |
8
|
5
|
| 4.2 Users with security administration authority |
7
|
5
|
| 4.3 Users with job control authority |
5
|
5
|
| 4.4 Users with spool control Authority |
5
|
5
|
| 4.5 Users with save system authority |
5
|
5
|
| 4.6 Users with service authority |
5
|
5
|
| 4.7 Users with audit authority |
3
|
5
|
| 4.8 Users with system configuration authority |
2
|
5
|
| 5 User passwords |
|
|
| 5.1 Users password expiry interval |
6
|
6
|
| 5.2 Users with password set to expired |
4
|
1
|
| 5.3 Users password last changed |
5
|
6
|
| 5.4 IBM system profiles where password <> *NONE |
3
|
9
|
| 6 Signon attempts allowed |
|
|
| 6.1 Maximum sign-on attempts |
5
|
4
|
| 6.2 Maximum sign-On attempt action |
3
|
1
|
| 6.3 Remote sign-on |
4
|
1
|
| 6.4 Limit security officer |
2
|
8
|
| 6.5 Display sign-on information |
6
|
1
|
| 6.6 Limit device sessions |
2
|
7
|
| 6.7 Inactive Interval |
5
|
6
|
| 6.8 Inactive Message Queue |
2
|
1
|
| 7 Groups |
|
|
| 7.1 Users in each group |
1
|
1
|
| 8 Auditing |
|
|
| 8.1 Audit control |
3
|
1
|
| 8.2 Audit level |
4
|
1
|
| 8.3 Audit end action |
3
|
1
|
| 8.4 Audit frequency level |
2
|
1
|
| 8.5 Create object audit |
3
|
2
|