Broadcom - Interskill Learning Mainframe Training

[email protected]

The Online Mainframe Training Specialists
Search   Course Catalog  
Return to Catalog Home     Return to Curriculum Listing

RACF – For Auditors 2.5


4 hours


This course describes the various types of data center audits and discusses the role of an internal auditor when performing a RACF audit. It expands this to look at the general steps to ensure that RACF managed security is aligned with both organizational security standards, and external compliance regulations. RACF auditor privileges are discussed in detail describing how audit information is stored and the commands used to request the capture of specific events. The type of data that can be unloaded from SMF, and the RACF database, is explained along with details on how ICETOOL can be used to process this information to create audit reports.


Security administrators and IT auditors who are responsible for auditing the RACF environment. System programmers would also benefit from this course, giving them a better understanding of audit requirements from a RACF perspective.


Successful completion of all other RACF courses in this curriculum, or equivalent knowledge.


    After completing this course, the student will be able to:
  • Identify general processes when undertaking a RACF audit
  • Identify RACF Auditor roles
  • Describe general RACF auditing controls
  • Describe how RACF information is logged
  • Describe how the SMF dump utility is used to extract RACF records
  • Run the IRRDBU00 utility to unload the RACF database
  • Run ICETOOL jobs to create reports from unloaded data

Course Content

Introduction to RACF Auditing

Why a RACF audit is required
Internal and External audits
Tools to assist you with a RACF audit
Audit certification opportunities
Technical skills and knowledge to perform a RACF audit
The RACF auditing process

RACF Auditing Controls and Options

RACF audit roles
Assigning Auditor privileges
Logging of security-related events
Owner-controlled and Auditor-controlled logging
AUDIT and NOAUDIT controls
Using LOGOPTIONS to define what is logged
Logging command violations
Auditing z/OS UNIX

RACF Audit Data and ICETOOL

RACF SMF record types
IRRADU00 utility
Sorting unloaded SMF data
Creating XML data from unloaded SMF records
Unloading RACF database content
Creating ICETOOL reports
Invoking the RACFICE procedure
Pre-defined ICETOOL reports
Creating a customized ICETOOL report

RACF – For Auditors 2.5 Mastery Test

Search our catalog