Did anyone mention OMVS?

Rob Schramm

Rob Schramm
Senior Systems Consultant
Imperium Group

On Sat, Jun 29, 2013 at 11:25 AM, Elardus Engelbrecht <[email protected]> wrote:

> Robert S. Hansel (RSH) wrote:
>
> >To add to your list, also offhand, include PARMLIBs, catalogs, JESPARMs (governing entry of operator commands), TSO parms, installation SVCs and Program Calls, Exits, I/O Appendages, PROCLIBs, and IPLPARMs.
>
> Add also these: SMP/E usage, z/OS Communication Server controls (portlist for example), usage of SSL, controlling of Dig Certs (RACF/gskkyman/PKI).
>
> All your applications MUST call RACF, not using its own security methods. (Yes, I know this thread is about omitting RACF and also DB2, for example, can rather use its own security which is just about as good as RACF.)
>
> About JES2 - you need to control incoming/outgoing traffic (NJE, FTP, etc) too.
>
> Then - version controlling of every software package is very important - just one example - you need to re-assemble security exits again and again with each new version. Of course - RACF/ESM is partially involved.
>
> There is certainly more to add, but I need to RTFM... ;-D
>
> >So much of z/OS control is tightly coupled with RACF protection (how do you protect APF libraries without RACF) that I would be inclined to combine their respective security best practices into a single document.
>
> IOW - IBM Statement Of Integrity.
>
> Groete / Greetings
> Elardus Engelbrecht
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
