I ran across this in a CICS security admin book (which should also apply
to z/OS sysprogs):
Roles and separation of duties
A key security principle is the separation of duties between
different users so that no one person has sufficient access privilege to
perpetrate damaging fraud. *This configuration is required by various
audit regulations such as the United States Federal Law known as the
Sarbanes-Oxley Act of 2002
<https://www.ibm.com/links?url=https%3A%2F%2Fwww.govinfo.gov%2Fcontent%2Fpkg%2FPLAW-107publ204%2Fpdf%2FPLAW-107publ204.pdf>.*
An example of this separation of duties is that someone with the
role of CICS System Programmer must not also have the role of RACF
Security Administrator.
Does anyone know exactly which section of SOX it's referring to?