Do all accounts have passwords?
Have all default passwords been changed?
Are there procedures to ensure quarterly system password changes?
Are passwords changed when employees leave the organization?
Do special capability users (PM, SM, OP, AM, NM, and NA) have user passwords?
Are user passwords unique in accounts accessible by more than one person?
Is SM capability restricted to one person per system and AM capability to one person per account?
Do all groups with PM have restricted save access (S=GU)?
Are programs protected from unpriviledged users?
Is there an updated list of all released files?
Is there a logon or NOBREAK UDC at system and
account level to restrict MPE access?
Is there NOLIST and NOHELP on data sensitive UDCs?
Are embedded passwords removed from all jobstreams?
Are system installation files removed?
Is there a procedure for positive identification from callers requesting access to the system?
Are there hard copy printouts of console messages?
Is the system console and tape drive restricted to operation personnel only?
Is the data center audited quarterly?
Are modem ports downed until required?
Are System Load Tape and System Backup Tapes protected?