On 9/20/2006 12:49 PM, Edward Jaffe wrote:
Walt Farrell wrote:
IBM ships an IKJTSO00 with our set of programs listed in AUTHPGM. If
the auditor asks you a question, you merely need to see whether the
program is one we put in the list upon installation or one you added.
Many IBM commands/programs are missing from the lists shipped in IKJTSO00.
If any parts of z/OS ship APF-authorized TSO commands (not programs)
whose names do not appear in the standard IKJTSO00, then I suggest you
submit requirements against those components to get them added.
Possibly the component owners simply have not thought about doing that.
If the commands are not really part of z/OS, though, you'll probably
still have to document them for your auditors, as I doubt we would put
them in the standard list.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
