The NCSC C2 rating evaluates objects at the device or minidisk level and not at the file or data set level. There is limited inherent security in the CMS environment. CMS file, OS/390 and VSE data set integrity cannot be guaranteed in a C2‑rated system. However, SFS file security offers the same level of integrity as that we provide for minidisk links.
IBM has not yet issued an integrity statement for CMS because the CMS environment lets the general user program execute in supervisor state, enter storage protect key zero, execute privileged instructions, issue input and output commands, and process interrupts independently of the CMS nucleus. A systems programmer could take advantage of these CMS characteristics and modify the CMS nucleus to compromise CMS, OS/390, and VSE data set level security. This lack of integrity in the CMS environment limits any security system from providing absolute file level protection for CMS files. However, we provide absolute security for SFS files.
Despite being under the constraints of the CMS environment, CA ACF2 for VM stills provide a high level of CMS file security (although not C2 file level security). An explanation of CMS file, SFS file, and OS/390 and VSE data set access follows.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|