There are several z/OS enhancements that have recently shipped as "continuous delivery" features. One of them that I haven't seen mentioned yet in this forum is the new and improved RACF database encryption. z/OS RACF can now use a VSAM data set that can be both AES256 encrypted and shared in certain configurations. The distinction is that "classic" RACF databases contain encrypted entries, but now the whole data set can (also) be encrypted. This new approach strengthens the security profile of RACF and the overall system. I suggest you implement it now or as soon as reasonably practical.
For details and caveats please refer to APAR OA62267. — — — — — Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN