- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: OpenVMS Security Audit Check List?
Operating System - OpenVMS
1751963
Members
4532
Online
108783
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 01:42 PM
тАО03-24-2010 01:42 PM
OpenVMS Security Audit Check List?
I'm looking for an OpenVMS 8.3 Sys Admin or SME to help put together a set of instructions on how to conduct a security audit of an existing system. A simple set of bullets or numbered items would suffice.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 02:04 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 02:46 PM
тАО03-24-2010 02:46 PM
Re: OpenVMS Security Audit Check List?
bmorris,
My first suggestion would be a careful read of the OpenVMS Guide to System Security from the standard documentation set.
As Hoff already noted, there is a NIST outline.
There is also some background information in the "OpenVMS Security" in the Handbook of Information Security [admittedly, I am the chapter author].
What is included in a security review depends on what the context is. If you are working to a standard (e.g., PCI), one needs to cover those requirements in addition to general securing of OpenVMS.
[Disclosure: We do provide consulting services in this area, as do Hoff and others who regularly contribute in this forum.]
- Bob Gezelter, CSA, CSE, http://www.rlgsc.com
My first suggestion would be a careful read of the OpenVMS Guide to System Security from the standard documentation set.
As Hoff already noted, there is a NIST outline.
There is also some background information in the "OpenVMS Security" in the Handbook of Information Security [admittedly, I am the chapter author].
What is included in a security review depends on what the context is. If you are working to a standard (e.g., PCI), one needs to cover those requirements in addition to general securing of OpenVMS.
[Disclosure: We do provide consulting services in this area, as do Hoff and others who regularly contribute in this forum.]
- Bob Gezelter, CSA, CSE, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-02-2010 09:33 AM
тАО04-02-2010 09:33 AM
Re: OpenVMS Security Audit Check List?
There are two ways to look at this. If you just want some things to check on the system itself, that's one problem. There is also the list of ways you interact with the machine as a security procedures audit checklist. Like, when you make a tape backup (If?), where do you store it.
Look up FIPS-140-2 for a list of questions to ask if you work for the government. If you can have all the answers for that on hand, you are a very long step closer to having a properly secured and audited system.
The government also uses something called an SRR (System Readiness Report), though the one that DISA publishes for OpenVMS doesn't work very will and is at least two major versions of OpenVMS out of date. But it might give you some reasonable ideas for questions that security auditors might ask.
Look up FIPS-140-2 for a list of questions to ask if you work for the government. If you can have all the answers for that on hand, you are a very long step closer to having a properly secured and audited system.
The government also uses something called an SRR (System Readiness Report), though the one that DISA publishes for OpenVMS doesn't work very will and is at least two major versions of OpenVMS out of date. But it might give you some reasonable ideas for questions that security auditors might ask.
Sr. Systems Janitor
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP