1

Validate the presence of general SAF-related exits using the Base SAF Exits function (7.1.1).

An exit can alter processing of SAF security calls through alteration of the SAF request parameter list or through bypassing invocation of the ESM for processing of the request.

2

Validate the presence of any OMVS/SAF-related exits using the OMVS/SAF Exits function (7.1.2)

An exit can alter processing of SAF RACF Callable Services requests through alteration of the Callable Service request parameter list or through bypassing or altering the results of the ESM invocation.

3

Validate the presence of any PDAS-related exits using the PDAS Exits function (7.1.3)

An exit can alter processing of SAF PDAS (Policy Directory Authorization Service) requests through alteration of the Callable Service request parameter list or through bypassing or altering the results of the ESM invocation.

4

Validate the presence of any ESM-specific exits using the ESM Exits function (7.1.4).

This function behaves in an ESM-specific manner. It tests the version and release of the ESM that your installation is running and performs an audit using the known exit points available for that version/release combination. This is useful when your shop upgrades the version of the ESM to identify if a new exit point is available.

An ESM exit may be less restrictive with the security functions it gets invoked for. For example, a SAF-specific exit will not get invoked for an ESM-specific security function, whereas an ESM-specific exit point may get invoked for both.

The capabilities of exit points vary, but they can alter the specific parameter lists and/or alter the results of a specific security function.

5

For any exit points found, identify the libraries containing; the executable code installed and used on this system, the actual source code used to assemble/compile the exit points.

Use the “A” Access command and other ESM-specific means to verify that the libraries are properly secured and that access is properly limited. Validate installation procedures to ensure that proper change control promotion procedures exist and are followed. Have someone that is technically knowledgeable in the areas of z/OS internals and ESM externals and implementation review the exit source code to ensure that it does what it is intended to do. Use the CA Auditor freezer functions to freeze all of the libraries and refreeze them on a regular basis to recognize changes.

6

Ensure that the proper SAF router program is used on your system; use the SAF Router Module analysis function (7.1.5). This function will note the ESM executed on your system and compare the executing SAF router module to the version proper for execution on your system. If your installation’s ESM is either CA ACF2 or CA Top Secret, the normal SAF router module is SAFRTSFR. If your installation’s ESM is RACF, or if your installation is not running any ESM, the expected SAF router module is ICHSFR00. The presence of a different SAF router module indicates that your installation has either chosen to write an installation-specific SAF router module or some process has dynamically altered the active SAF router module to use a different module. If an installation-specified SAF router module is present, the libraries containing the executable code and the source code should be identified and reviewed.

If an unexpected SAF router module is present it should be reviewed because of the possibility that it is a threat to the integrity of the operating system.