SOX 404 is the section that mandates segregation of duties. It applies to non-IT systems as well as IT, so not z/OS or even security specific, rather "good business practices".
On Fri, Aug 4, 2023 at 11:34 PM Michael Babcock <[email protected]> wrote:

> I ran across this in a CICS security admin book (which should also apply
> to z/OS sysprogs):
>
> Roles and separation of duties
>
> A key security principle is the separation of duties between
> different users so that no one person has sufficient access privilege to
> perpetrate damaging fraud. *This configuration is required by various
> audit regulations such as the United States Federal Law known as the
> Sarbanes-Oxley Act of 2002
> <https://www.ibm.com/links?url=https%3A%2F%2Fwww.govinfo.gov%2Fcontent%2Fpkg%2FPLAW-107publ204%2Fpdf%2FPLAW-107publ204.pdf>.*
>
> An example of this separation of duties, is that someone with the
> role of CICS System Programmer must not also have the role of RACF
> Security Administrator.
>
> Does anyone know exactly which section of SOX it's referring to?
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
