Linda, I'd think twice on this topic. We do vault our elevated access id's and I am fine with that, but to hand off all password management is a solution looking for a problem.
There is the racf password quality exit that can be coded up to disallow "common" passwords. On top of that, you can "Force" passphrase use with minimum length requirements making such common passwords pretty much a thing of the past. Dave Jousma Vice President | Director, Technology Engineering Fifth Third Bank | 1830 East Paris Ave, SE | MD RSCB2H | Grand Rapids, MI 49546 616.653.8429 ________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Linda Hagedorn <000005cf4637de00-dmarc-requ...@listserv.ua.edu> Sent: Wednesday, February 28, 2024 4:35:54 PM To: IBM-MAIN@LISTSERV.UA.EDU <IBM-MAIN@LISTSERV.UA.EDU> Subject: RACF, external password management My company wants an external password manager to substitute for RACF. I need to know if anyone has experience with this, or common password matching in RACF. Background Regulations NYDFS require preventing common passwords to be used. Vendor My company wants an external password manager to substitute for RACF. I need to know if anyone has experience with this, or common password matching in RACF. Background Regulations NYDFS require preventing common passwords to be used. Vendor tools (Courion, CyberArk, etc.) have a corpus to match password changes to prevent the use of common passwords. RACF passwords can be changed from TSO, the internal reader, JCL, Candle Session manager, etc., so trying to block password changing through RACF and forcing everyone through one of these 3rd party tools may be near impossible. Any input is appreciated. Thanks! Linda ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN