Vulnerability Discussion
Without an audit capability, an integrity violation may not be detected. Organizations select response actions based on types of software, specific software, or information for which there are potential integrity violations. The integrity verification application must have the capability to audit and it must be enabled.
Check
If the Mainframe Product has no function or capability for integrity verification, this is not applicable.
Examine installation and configuration settings.
If the Mainframe Product is not configured to audit detected potential integrity violations, this is a finding.
Fix
Configure the Mainframe Product to audit detected potential integrity violations.