>Sorry, being lazy again. Anyone have a sample MVS security policies and >proceedures you can share? We have never had one, and suddenly >management things it is important. Links to general examplates would be >fine too. Thanks. > If you follow this lead you will be a very busy person indeed. The US Gov't, "csrc.nist.gov" has published their document "SP 800-53" (amonst other things too) which has all kind of questions to answer about how management views their computer systems. Then based on the ratings of Low, Medium, or High it outlines what security measures you need to have in place. They also describe what is Low, Medium, High although most managers will profess they are really, really important so it has to be HIGH. You take all these requirements and implement them according to the way RACF/ACF2/TopSecret permits you too. There are other MVS "stuff" which play well in an audit; like Health Checker. So this is not just restricted to z/OS, z/VM, Windows, etc. There are things like physical, entry, etc, security.
US's Uncle Sam is real big into FISMA, Federal Information Security Management Act. With all the things it requires, you will off and running to be kept busy for the next few years. jim ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
