Greg, I've always believed the mainframe allows the installation of software with the ability to certify only authorized data access is allowed via RACF (or equivalent), access to potentially harmful actions against the OS must be granted, (APF or otherwise), and all access is (or at least should be) monitored / logged via SMF.
as stated in the certification document replies. <rant> I seems to me this is the workstation / server audit question of the form "can you harden the mainframe?" The answer is, if WinDoze was as good as the mainframe, this question would never have to be asked for any platform in the first place. Concerning protection of the environment and data: unapproved software is not an issue. </rant> The concern with unapproved software might be the licensing. This would seems to give the auditors some traction. What would stop me from bringing a bootleg copy of some software in-house (if it doesn't require a CPU key) and using it? Of course, the company would be at risk of loss without some key / expiration ability, but that is not a requirement to be able to run. The company or government entity would be under a legal obligation for running unlicensed software. Chip Grantham | Ameritas | Sr. IT Consultant | [email protected] 5900 O Street, Lincoln NE 68510 | p: 402-467-7382 | c: 402-429-3579 | f: 402-325-4030 From: Greg Dorner <[email protected]> To: [email protected] Date: 09/05/2012 10:50 AM Subject: Re: Preventing the installation of "unapproved" software Sent by: IBM Mainframe Discussion List <[email protected]> > Will you pass these 'rants and expletives' to these auditors? :-D I will be passing them on to my manager. We are talking Federal auditors and billion dollar government contracts, so, no, I won't be telling the auditors anything. I let management (who are trained not to put their foot in their mouths) handle that. I may be a mainframe systems programmer, but I'm not suicidal yet. :-D Greg ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ******* This message may contain confidential information intended only for the use of the addressee(s) named above and may contain information that is legally privileged. If you are not the addressee, or the person responsible for delivering it to the addressee, you are hereby notified that reading, disseminating, distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message immediately thereafter. Thank you. ******* ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
