5-1. The ESM hook into CP is configured by replacing the HCPRPx stubs in
CP.  It's not in a configuration file.  There might be a Product record
in your SYSTEM CONFIG file to enable RACF, like there is for RSCS, but
that doesn't prove that RACF is active.

 

5-2. The Journaling statement in SYSTEM CONFIG controls this.

 

5-3. Features Enable Clear_Tdisk in SYSTEM CONFIG sets T-disk to be
cleared on system IPL and when detached by a user.  This is better than
requiring a format upon allocation, because there's no sensitive data
sitting on unallocated T-disk areas.  It's cleared as soon as the
previous user is done with it.

 

5-4.  This isn't controlled by CP.  VM:Secure and VM:Director can be
configured to always format old minidisks when they're deleted.  I
suspect DIRMAINT can, too, but we don't use DIRMAINT here.

 

                                                 Dennis

 

My computer beat me at chess, but it was no match for me in kickboxing.

 

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Martin, Terry R. (CMS/CTR) (CTR)
Sent: Thursday, September 24, 2009 10:12
To: IBMVM@LISTSERV.UARK.EDU
Subject: [IBMVM] some RACF and CP questions

 

Hi

 

I have been given some questions by security auditors and I am having
trouble tracking the answers down. I was wondering if anyone could help
me with the answers to the following. This is what they are asking for:

 

(5)  Please print the configuration of the CP (zVM OS) to indicate the
following:

 

5-1.  RACF is configured to be the external security manager (ESM) of
zVM.

 

5-2.  Configuration of zVM internal auditing:  if RACF is not configured
to capture zVM security events, is CP configured to log specific
security events?

 

5-3.  Is zVM configured to overwrite the temporary (T) disk upon
allocation to prevent unauthorized access to sensitive data placed on
T-disks?

 

5-4.  Object reuse parameter settings supported/configured for CP to
minimize unauthorized users accessing sensitive CMS residual data (i.e.,
data deleted but not scratched from minidisk space).

 

 

Thank You,

 

Terry Martin

Lockheed Martin - Information Technology

z/OS & z/VM Systems - Performance and Tuning

Cell - 443 632-4191

Work - 410 786-0386

terry.mar...@cms.hhs.gov

 

WFH on Tuesdays and Fridays
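
Added example, not part of the original thread and not IBM's or either poster's code: a small Python check for the two SYSTEM CONFIG items the reply names, the Features Enable Clear_Tdisk setting (5-3) and the Journaling statement (5-2). It assumes keywords are spelled in full, `/* */` comments, trailing-comma continuation and no imbedded files; the sample text is constructed, and the function names are hypothetical. As the reply says for 5-1, the file cannot show whether RACF is active, so the script does not try to.

```python
import re

# Constructed sample in SYSTEM CONFIG style (not taken from any real system).
SAMPLE = """\
/* Constructed sample for illustration */
Features ,
  Disable ,
    Set_Privclass ,
  Enable ,            /* feature list continues */
    Clear_TDisk
Journaling Facility On
"""

def statements(text):
    """Strip /* */ comments, join comma-continued lines, yield upper-cased token lists."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    pending = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        continued = line.endswith(",")
        pending += line.rstrip(",").upper().split()
        if not continued:
            yield pending
            pending = []
    if pending:          # file ended in the middle of a continued statement
        yield pending

def audit(text):
    """Return {'clear_tdisk': True/False/None, 'journaling': [operand strings]}.

    clear_tdisk is None when no Features statement mentions Clear_TDisk.
    An empty journaling list means the file has no Journaling statement.
    """
    result = {"clear_tdisk": None, "journaling": []}
    for tokens in statements(text):
        if tokens[0] == "FEATURES":
            mode = None  # last ENABLE/DISABLE operand seen in this statement
            for tok in tokens[1:]:
                if tok in ("ENABLE", "DISABLE"):
                    mode = tok
                elif tok == "CLEAR_TDISK" and mode:
                    result["clear_tdisk"] = (mode == "ENABLE")
        elif tokens[0] == "JOURNALING":
            result["journaling"].append(" ".join(tokens[1:]))
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The result describes the file only; settings on a running system still have to be confirmed there.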

 
