The various members within SYS1.PARMLIB affects security directly or indirectly. Check for alternate PARMLIB members (for example, the suffix '00' in SMFPRM00 can be changed for alternates).
This member controls the use of SMF. If LOG(SMF) has been specified in the CA Top Secret control options, ensure that SMF record type 80 is being recorded. The name of the CPU is stored here within the SMFID parameter. If your site is using CPU protection, the integrity of this four‑character name must be ensured. If you change it, you lose CPU protection. Also, notice record types not being recorded.
This member indicates what libraries are to be APF authorized. The authorized programs within these libraries, if so designed, can bypass security.
This member indicates which program libraries are automatically searched for programs. These libraries are also APF authorized.
This member provides processing options for dumping. DMPOPTxx allows for the dumping of protected storage (LSQA subpool 230, key 3) that includes CA Top Secret control blocks for users. Minimize this dumping.
This member indicates what commands are automatically issued at system startup (IPL). It must include an S TSS command to start CA Top Secret automatically.
This member indicates which modules are loaded into the system link pack area. Modules in the LPA can be accessed without accessing the libraries from which they have been loaded.
This member provides the names of I/O appendages that are used upon certain I/O conditions. These modules can execute in privileged state, so examine them for discrepancies in design.
This member contains default parameters for system initialization (IPL). IEASYSxx includes the suffixes for all PARMLIB members. Check these values for possible conflicts. The option OPI=NO prohibits specification of alternate options by the operator during IPL.
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|