Hal,
ICSF fulfills multiple purposes:
1. It's the crypto hardware manager
2. It's the crypto key repository (CKDS, PKDS, etc..)
3. It's the API for crypto services.
If you have the RACF CSFSERV class active, the API calls issued by
non-system (not key 0, not sup state) callers may be checked even if the
crypto hardware is not installed. This however is an educated guess as
I've never played with ICSF without the crypto hardware. I suggest you
kick the tires and see if the checks occur (put up the profiles with
AUDIT(ALL(READ)) or any similar method).
Hayim
_____________________________________
Hayim Sokolsky, CISSP
Mainframe Security Architect
DTCC Corporate Information Security
18301 Bermuda Green Dr, MS 1-CIS
Tampa FL 33647-1760
Tel. (813) 470-2177
Hal Merritt <[email protected]>
Sent by: RACF Discussion List <[email protected]>
2009.09.22 10:50
Please respond to
RACF Discussion List <[email protected]>
To
[email protected]
cc
Subject
ICSF Access
Cross posted to MVS and RACF:
I have a sysprog asking for access to CSFOWH in the CSFSERV class. I am a
little confused: the doc seems to relate this to ICSF which is not active
on that LPAR. We do have ICSF hardware on the box and use it in other
LPARS.
Are some of the callable services still usable even if ICSF is not active?
I believe the sysprogs is doing SMP/E activities.
Thanks!!
NOTICE: This electronic mail message and any files transmitted with it are
intended
exclusively for the individual or entity to which it is addressed. The
message,
together with any attachment, may contain confidential and/or privileged
information.
Any unauthorized review, use, printing, saving, copying, disclosure or
distribution
is strictly prohibited. If you have received this message in error, please
immediately advise the sender by reply email and delete all copies.
<BR>_____________________________________________________________
<FONT size=2><BR>
DTCC DISCLAIMER: This email and any files transmitted with it are
confidential and intended solely for the use of the individual or
entity to whom they are addressed. If you have received this email
in error, please notify us immediately and delete the email and any
attachments from your system. The recipient should check this email
and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted
by this email.</FONT>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
