Vulnerability Discussion
If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
Check
If the Mainframe Product has no function or capability for session operations, this is not applicable.
Examine installation and configuration settings.
Verify that session auditing is initiated at session startup. If it is not, this is a finding.
Fix
Configure the Mainframe Product to initiate session auditing upon startup.