During these phases (such as LOG, WARN, and ABORT modes), other activity is taking place besides rule writing. Review the system‑wide options selected in the ACFFDR and VMO records and modify them as you reach various implementation schedule points. You should bring additional areas under CA ACF2 for z/VM control if they were not defined initially, such as the VM directory maintenance program. You should identify all users, assign them unique logonids, and define them to CA ACF2 for z/VM. You must determine and define their privileges. For example, instruct users to issue their logonid and password at logon time. They may need some instruction on recovery procedures and new CA ACF2 for z/VM commands and messages, or both.
In decentralized environments, you may need to provide additional user training in rule writing and using CA ACF2 for z/VM commands. Refer them to the CA ACF2 for z/VM documentation.
Throughout the migration phases and on a continuing basis after you have reached full ABORT mode, you should print and review the CA ACF2 for z/VM reports. These reports are very useful in the early phases to help you write rules and define user privileges. As soon as you establish certain privileges and rules (even in LOG mode), the reports identify violations that you should research and take appropriate action. On an ongoing basis, these reports can be an invaluable aid in detecting security threats.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|