PowerTech recommends that your security policy defines an appropriate set of system values and that you run system values reports on a regular basis to find any deviations from the policy. System Values reports highlight any values that deviate from the benchmarked value.
PowerTech Compliance Monitor collects data on all system values on the system and conveniently provides the following predefined System Values reports:
All System Values
Audit Related System Values
Password Related System Values
Security Related System Values
*System Values - Side-by-Side
A Key feature of Compliance Monitor is the ability to launch Assessments across multiple servers, and consolidate audit data from any number of System i servers into a single, easy to read report.
Compliance Monitor version 2.0 allows exceptions to the recommended PowerTech policy to be highlighted on grid reports (shown below).
Note: You can select your preferred colors to be used for grid reports and PDF Reports, select Preferences -> Reports -> Policy.
Along with all the standard OS/400 system values, which all begin with the letter 'Q' (QSecurity, QPWDMINLEN, etc.) Compliance Monitor also gathers data on some other important system settings that are not defined by OS/400 system values. These other important system settings are defined in Compliance Monitor as the PowerTech System Values.
The PowerTech System Values, which always begin with the letter 'Z' in the reports are detailed in the table below:
System Values Important system settings that are not defined by OS/400 system values |
PT Category Category created by PowerTech to allow more granular sorting and filtering of the data |
IBM Category The category given to the system value in IBM's System i system value information center |
Grid Column Title Title of the Grid Column |
Rpt Column Title Title of the Report Column |
Description Brief description of the data found in the report column |
Recommended Value The recommended value |
Level OS level at which this value was first introduced |
ZALWDCRTAD |
Security-General |
Security |
Allow Cert Adds |
Allow Digital Certificates Adds |
Allow add of digital certificates |
No Recommendation |
520 |
ZALWSTIDCG |
Security-General |
Security |
Allow Srv Password Chg |
Allow Service Password Change |
Allow service tools user ID password change |
No Recommendation |
510 |
ZALWSYVLCG |
Security-General |
Security |
Allow SYSVAL Chg |
Allow System Values Changes |
Allow change to security system values |
No Recommendation |
520 |
ZDDMACCPGM |
Security-General |
System and user defaults |
DDM Acc Pgm |
DDM Access Program |
DDM Access Program |
No Recommendation |
510 |
ZJOBACN |
Security-General |
System and user defaults |
SNA Input Act |
SNA Input Stream Action |
Job action for SNA input stream |
No Recommendation |
510 |
ZPCSACCPGM |
Security-General |
System and user defaults |
PCS Acc Pgm |
PCS Access Program |
PCS Access Program |
No Recommendation |
510 |
ZPWDLVLPND |
Security-General |
Security |
Pending Password Lvl |
Pending Password Level |
Pending Password level |
No Recommendation |
510 |
ZSECRTYPND |
Security-General |
System and user defaults |
Pending Sec Lvl |
Pending Security Level |
Pending Security Level |
No Recommendation |
510 |
ZSYSNAME |
Security-General |
System and user defaults |
System Name |
System Name |
System name |
No Recommendation |
510 |
Standard IBM system values are also used in Compliance Monitor. To view detailed descriptions of the security related standard IBM system values, refer to the PowerTech Compliance Guide.
(A complete description of every OS/400 system value can be found on the System i system value finder at: http://www.ibm.com)
© 2010 The PowerTech Group, Inc.
All Rights Reserved