Been there, done that. We explained our auditor that the software instalation tool in z/OS is SMP/E, which is protected by the GIM.* profile in the FACILITY class in our RACF. We printed the accesses for that profile and they were satisfied enough after we explained that the admins don't need UPDATE but READ access to install software.
Regards, Harald On Wed, Sep 5, 2012 at 1:21 PM, Greg Dorner <gdor...@wpsic.com> wrote: > Man, the auditors came up with a new one! > > "Gap noted. Automated controls to prevent the installation of unapproved > software were not documented." > > So I have been assigned the task of researching how to provide "Automated > controls to prevent the installation of unapproved software". > > I'm hoping someone on the list has a clue to what could possibly do this. My > brain already hurts thinking about it. Just thinking logically with my > limited intellect tells me doing this is somewhat close to impossible. > > Any thoughts? I also accept rants and expletives. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
