MFAudit¶
Automated RACF security auditing — from raw RACF exports to audit-ready reports in a single command.
MFAudit reads standard z/OS security exports — IRRDBU00 unloads and SETROPTS REXX exports — and evaluates them against a library of CIS Benchmark and custom RACF security controls.
The result:
- styled PDF reports;
- CSV exports;
- JSON exports;
- deterministic PASS / FAIL / REVIEW verdicts;
- optional anonymized output for external sharing.
What you get¶
| 46+ CIS controls | Password policy, class activation, STARTED tasks, Unix System Services, Db2, CICS |
| Custom controls | Write organization-specific controls in YAML |
| PDF reports | Human-readable audit reports with findings and summaries |
| CSV exports | Spreadsheet, SIEM, or dashboard ingestion |
| JSON exports | API, Splunk, Elastic, automation, and pipeline integration |
| Anonymized reports | Replace RACF identifiers with stable pseudonymous labels |
Quick start¶
# 1 Collect data on z/OS
# Copy SETROPTS and IRRDBU00 to your workstation
# 2 Install MFAudit
pip install mfaudit
# 3 Run the audit (bundled CIS controls used by default)
mfaudit
# 4 Open the PDF report
open report.pdf # macOS
xdg-open report.pdf # Linux
start report.pdf # Windows
Default behavior:
--setropts ./SETROPTS--irrdbu00 ./IRRDBU00--format CSV,PDF
Controls requiring missing data sources are automatically marked as SKIP.
Output formats¶
MFAudit supports multiple output formats simultaneously.
Default outputs¶
mfaudit
Generated files:
report.pdf
controls_results.csv
JSON output¶
mfaudit --format JSON
Generated files:
controls_results.json
All output formats¶
mfaudit --format CSV,JSON,PDF
Generated files:
report.pdf
controls_results.csv
controls_results.json
Supported values:
| Format | Output |
|---|---|
PDF |
report.pdf |
CSV |
controls_results.csv |
JSON |
controls_results.json |
Data flow¶
z/OS system
├── IRRDBU00 unload ──────────────────────────────────┐
└── SETROPTS REXX export ───────────────────────────┐ │
↓ ↓
controls.yaml ──────────────────────────► mfaudit
example_controls.yaml (optional) ────────► │
│
├── report.pdf
├── controls_results.csv
└── controls_results.json
Anonymized reporting¶
Generate reports safe for external sharing:
mfaudit --format CSV,JSON,PDF \
--anonymize
Example anonymized identifiers:
USR-0001
GRP-0042
PRF-0017
Mappings remain stable within the same execution run so findings stay readable and correlatable.
Repository layout¶
controls.yaml CIS Benchmark controls
example_controls.yaml Example custom controls
mfaudit/ Python package and CLI
templates/ Bundled PDF report templates
docs/ Documentation (MkDocs)
Templates¶
Bundled report templates:
| Template | Style |
|---|---|
default |
Light corporate report |
terminal |
Green phosphor 3270-style terminal theme |
Example:
mfaudit --template terminal
List available templates:
mfaudit --list-templates
Installation¶
pip install mfaudit
Optional xhtml2pdf fallback renderer:
pip install "mfaudit[pdf-xhtml]"
See the installation guide for:
- Linux/macOS/Windows dependencies;
- GTK/WeasyPrint requirements;
- development installation;
- editable installs.
Use cases¶
- RACF security assessments
- CIS Benchmark validation
- STIG evidence generation
- Internal audit preparation
- Continuous RACF posture monitoring
- Security baseline verification
- Mainframe compliance automation
License¶
GNU Affero General Public License v3.0 (AGPL-3.0)