Robert S. Hansel (RSH) wrote:

> To add to your list, also offhand, include PARMLIBs, catalogs, JESPARMs
> (governing entry of operator commands), TSO parms, installation SVCs and
> Program Calls, Exits, I/O Appendages, PROCLIBs, and IPLPARMs.

Add also these: SMP/E usage, z/OS Communication Server controls (portlist, for example), usage of SSL, controlling of Dig Certs (RACF/gskkyman/PKI).

All your applications MUST call RACF, not use their own security methods. (Yes, I know this thread is about omitting RACF, and also DB2, for example, can rather use its own security, which is just about as good as RACF.)

About JES2 - you need to control incoming/outgoing traffic (NJE, FTP, etc.) too.

Then - version control of every software package is very important - just one example - you need to re-assemble security exits again and again with each new version. Of course - RACF/ESM is partially involved.

There are certainly more to add, but I need to RTFM... ;-D

> So much of z/OS control is tightly coupled with RACF protection (how do you
> protect APF libraries without RACF) that I would be inclined to combine their
> respective security best practices into a single document.

IOW - IBM Statement Of Integrity.

Groete / Greetings

Elardus Engelbrecht

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
