Third party vendors also offer pure mainframe-based MFA. I am slightly familiar with an offering from Vanguard, for example.
Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jim Mooney Sent: Friday, August 30, 2019 7:19 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: MFA: An acronym that doesn't start with the word Mother We've been asked to implement MFA on the zOS Mainframe. I've read some threads on here, and it seems some have implemented IBM's MFA solution on zOS, and some have implemented MFA on 'winders.' The zOS solution is pricey so we are looking at alternatives. My question is: Does a windows implementation (tied to AD) meet audit requirements requiring MFA on the mainframe? IOW, can the requirement be met with MFA running on another platform? We currently use RSA Secure server for VPN access and could possibly leverage that for all MF access. Our security people are doing a POC on something called PAM (Privilege Access Mgmt/windows) to secure the mainframe, and I would like to make sure they are not taking a wrong turn. So any input from those ahead of us on this path would be very helpful. Thanks for looking. -Jim ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
