Control the SAF Interface (BES.SECURITY)

Defining Security Protection Profiles in CA ACF2 › Activate and Control the CA Tape Encryption SAF Interface for CA ACF2 › Control the SAF Interface (BES.SECURITY)

Control the SAF Interface (BES.SECURITY)

During CA Tape Encryption initialization or SECURITY reload processing the BES SAF Interface performs the following steps to determine whether the SAF Interface should is activated.

Issue a CA ACF2 status call to determine whether CA@BES has been defined and activated.
Attempt to extract the SAF Interface BES.SECURITY control entity.
Extract, parse, and validate the SAF Interface control parameter. The SAF Interface control parameter is defined on the BES.SECURITY $USERDATA field on the CA ACF2 key set definition. Valid SAF Interface control parameters are ACTIVE or INACTIVE. ACTIVE will activate the CA Tape Encryption SAF Interface. INACTIVE will deactivate the SAF Interface if currently active or will prevent the SAF Interface from being initialized.

Note: If any of these steps fail, the SAF Interface will not be activated and each BESn subsystem will default to a resource protection level of PERMIT (no protected resources) and will disable security data set selection.

Tell Technical Publications how we can improve this information