Hi Andrew
This refers to the Compliance Framework, option AU.R.E. When you allocate 2 snapshots (a CKFREEZE and an UNLOAD in each) in SE.1, using S to select the newer snapshot and C (for Compare) on the older snapshot, you can compare the two. The Set of Input files would look like this
zSecure Suite - Setup - Input files Row 1 from 106
(Un)select (U/S/C/M) set of input files or work with a set (B, E, R, I, D or F)
Description Complex
PRODMVS (2) PROD#OLD baseline
PRODMVS (0) PROD selected
Next, in many of the reporting panels you can select
Show differences under Output/run options, and select the type of differences you would like to see. When you use this in AU.R.E, the report shows compliance rules where Tests or Objects changed. This could point to new objects, or to tests that changed in compliance posture (e.g., became non-compliant).
The result is not easy to understand for managers. However, the security analyst can use it to spot resources that were added or the effect of incorrect security administration. This example shows that one new APF library was found, and it is compliant for the requirements of AAMV0040 (there in no "NonComp" value), but it fails some tests in ACP00060 (See the yellow 1?). 68 (new) issues with Sensitive CICS transactions were uncovered, etc.
A compliance progress report could be found in the
Rule set compliance summary display that you can get from AU.R.E. It shows a Cm% column that indicates the percentage of Compliant
tests in the evaluation of this system. The percentage is designed as an indicator of the effort needed to achieve a 100% compliant system.
------------------------------
Rob van Hoboken
------------------------------