On Friday, 12/10/2010 at 05:46 EST, Les Koehler <vmr...@tampabay.rr.com> wrote:
> Back in the old days, I recall a finance type person saying something like: The
> Gold Standard is that it should take collusion between two or more people to
> defraud the company.

Preventing collusion between two class G users is why z/VM supports mandatory access controls and why you can change the privilege classes of commands and DIAGNOSE subcodes.

> If we apply that to IT, then shouldn't pswds for privileged userids that can
> access/change financial data be long enough that TWO sysprogs can each be given
> half a pswd so they both have to be present to make a change?

Well, not quite that bad, but EAL 6-level systems require two privileged users to make security-relevant changes to a system. Missile silo two-key concept.

Multi-part keys CAN be used in the System z crypto cards for secure (encrypted) key operations. No one person has the entire key and so even if one of those people had a copy of the key dataset from z/OS or Linux, they wouldn't be able to use the keys to encrypt or decrypt data.

By the way, you can see the two-key concept in RACF. If the security admin tries to deactivate RACF, CP prompts the operator to concur or deny. (A minor inconvenience and easily overcome [for the moment].)

Alan Altmark
z/VM and Linux on System z Consultant
IBM System Lab Services and Training
ibm.com/systems/services/labservices
office: 607.429.3323
alan_altm...@us.ibm.com
IBM Endicott
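
Added example (not part of the original post, and not IBM's code): a sketch of the multi-part key idea described above, where each custodian holds one part and the key exists only after every part has been entered. It assumes the parts are combined by XOR; the custodian names, the check_value function and the KeyCeremony class are hypothetical names made up for this illustration.

```python
from __future__ import annotations
import hashlib
import secrets

KEY_LEN = 32  # bytes; constructed choice for this example

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, custodians: list[str]) -> dict[str, bytes]:
    """Give each custodian one part; the XOR of all parts equals the key."""
    if len(custodians) < 2 or len(set(custodians)) != len(custodians):
        raise ValueError("need at least two distinct custodians")
    parts = {name: secrets.token_bytes(len(key)) for name in custodians[:-1]}
    last = key
    for part in parts.values():
        last = xor(last, part)
    parts[custodians[-1]] = last  # alone, this part is as random as the others
    return parts

def check_value(key: bytes) -> str:
    """Short verification pattern (assumed scheme) to confirm a loaded key."""
    return hashlib.sha256(b"kcv" + key).hexdigest()[:8]

class KeyCeremony:
    """Accumulates parts; releases the key only when every custodian has taken part."""
    def __init__(self, required: set[str], expected_check: str):
        self.required = set(required)
        self.expected_check = expected_check
        self.entered = set()
        self.acc = bytes(KEY_LEN)

    def enter_part(self, custodian: str, part: bytes) -> None:
        if custodian not in self.required or custodian in self.entered:
            raise PermissionError(f"{custodian} may not enter a part now")
        if len(part) != KEY_LEN:
            raise ValueError("key part has the wrong length")
        self.acc = xor(self.acc, part)
        self.entered.add(custodian)

    def finish(self) -> bytes:
        if self.entered != self.required:
            raise PermissionError("not all custodians have entered their part")
        if check_value(self.acc) != self.expected_check:
            raise ValueError("verification pattern mismatch")
        return self.acc
```
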