Take a look at a sample Compliance Assessment.
The Executive Summary ranks the overall condition of your system. The summary presents the six areas of review using red, yellow, and green indicators to show the state of compliance against best practices, along with a reference to the COBIT framework section to which they apply.
The User Access section reviews user access to system data through common network access services, such as FTP, ODBC, and remote command. It checks if these network access points are being monitored and controlled, and assigns a level of security risk.
The Public Authority section measures the level of public access assigned to the libraries on the system. The public is any user with a profile and password, so this measurement indicates how accessible the system is to the average end user.
The User Security section reviews the state of user profiles, including how many haven't been used for at least 30 days and how many have default passwords, as well as reviewing basic password settings that control how secure those profiles are.
The System Security section takes a look at key system values that control security settings on your system.
The System Auditing section checks if you are using the IBM i event auditing capabilities and the types of events being audited. The Assessment also checks whether a tool to analyze the log entries is installed on your system.
The Administrative Rights section reviews eight special authorities and the vulnerabilities of each. Too many users with too much authority is the area most often cited by auditors—this review reveals how vulnerable your system is.
The Recommendations section provides suggestions for remediation based on the compliance checks performed on your system.