The auditor should monitor when ensuring tape security:
When using the CA Top Secret built‑in tape security, CA Top Secret forces the removal of rings for tapes opened only for input processing. A program cannot alter a tape with the ring removed (unless hardware modifications have also been made).
BLP under z/OS allows for unrestricted access to all files on any tape. This might be controlled through CA Top Secret using the BLP access level. If users do not have BLP access authority for tapes, then they cannot use BLP to access tapes.
CA‑1 allows for security bypass using the LABEL=EXPDT=98000 JCL option. The TMS interface, provided by CA, prohibits use of this feature unless the user has been permitted use of ABSTRACT(XDT98000). For information, see the Implementation: Other Interfaces Guide.
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|