Control options let selected operators and administrators specify how CA Top Secret controls security. Control options:
Depending on your environment, the following control options with the specified operands can cause security breaches:
Does not erase all residual information on the DASD volume.
Changes the authorization algorithm and might impact access (which can be granted or denied).
Discontinues automatic backup of the Security File. Backup is also unavailable if the BACKUP DD statement is missing from the CA Top Secret started task procedure.
Allows selected or all jobs/users to bypass security; only use in an emergency.
Affects security processing if CA Top Secret becomes inactive.
Indicates a violation but does not treat the event as a fatal violation. It flags the event but does not FAIL the user.
Displays CA Top Secret data areas.
Deactivates the installation exit.
Controls separate facilities and also displays status. The FACILITY suboptions are:
Sets the mode.
Deactivates logging. Violations are always logged in FAIL mode.
Prohibits initiation/signon.
Allows multiple logons with the same ACID for the specified facility.
Deactivates terminal locking.
Controls default ACID assignment.
Password violations are not fatal in WARN mode (except for administrators).
Deactivates facility‑wide auditing.
Allows expired or changed passwords to be used for a limited time in batch.
Sets a threshold for how long an ACID connected to an expired password can be used before it is suspended.
Resets the global site installation data area to zero in CSA.
Indicates that the JES Early Password Verification feature is not in effect (USER and PASSWORD are required on the jobcard).
Deactivates extra SMF and Audit/Tracking File logging (violations and audited events are always written to the Audit/Tracking File).
Routes violation messages to the security console using route code 9.
Displays violation messages for batch jobs, started tasks, or online.
Deactivates Multilevel Security (MLS).
Deactivates the requirement for security labels for UNIX directories and files.
Changes MLS security mode and can lessen or destroy security.
Allows a user to view data set names that were hidden from them.
Specifies that security labels are not required for all users, data sets, and resources in an MLS environment.
Deactivates the requirement for security labels for IPC objects.
Allows the write-down of data in an MLS environment.
Changes mode globally and can lessen or destroy security.
Allows a user to make an unlimited number of guesses to determine the MSCA password.
Deactivates most new password rules, except the MIN= and MINDAYS= suboptions.
Allows a user to indicate which APARs apply from previous releases of CA Top Secret.
Disables the PDS member level protection for all data sets.
Allows unlimited access attempts at guessing user passwords.
Deactivates recording of changes to the Recovery File. If the RECFILE DD statement is missing, recovery is not in effect.
Removes all password prefixes currently in the restricted password list if NEWPW(RS) is in effect.
Deactivates built‑in tape security. Only specify when using external tape management packages such as CA‑1®.
Indicates that temporary data sets are not protected and cannot be audited.
Controls the frequency at which logging buffers are examined and data is written to the Audit/Tracking File. If the frequency is too high, data might be lost.
Deactivates violation threshold controls.
Copyright © 2010 CA Technologies.
All rights reserved.