- Determine the options in use at the installation. From the master console enter:
F TSS,SYSOUT
F TSS,STATUS
F TSS,FACILITY(ALL)
F TSS,SYSOUT
Obtain the SYSOUT listing of the TSS STC from the printer and examine the output. Look for deviations from the expected control options. Take particular note of MODE, PTHRESH, VTHRESH, logging options, NEWPW, and FACILITY options.
- For each facility that is secured, log on using your auditor ACID and perform various tests to ensure proper facility operation according to policy.
- Obtain a listing of all users and profiles within your scope. Enter the following command using the BATCH TMP:
TSS LIST(ACIDS) DATA(ALL)
- Attempt to log on using sample ACIDs to determine effectiveness of various security controls.
- Obtain a listing of ACIDs that are not in FAIL mode using the following commands:
TSS WHOHAS MODE(D)
TSS WHOHAS MODE(W)
TSS WHOHAS MODE(I)
- Determine if sensitive utilities are protected. For example:
TSS WHOHAS PROGRAM(IE)
- Determine who has access to critical system and production data sets using the following command:
TSS WHOHAS DSNAME(SYS1.)
- Examine the CA Top Secret started task procedure to ensure that proper Backup, Recovery, and Audit/Tracking Files are in place.
- Determine who has special bypass privileges (use the PRIVILEGES control statement of TSSAUDIT).
- Determine what privileges/accesses have been given to all users by issuing:
TSS LIST(ALL)
- Determine what controls are active for started tasks. List the STC definitions by issuing:
TSS LIST(STC)
The default option DEF is first; it is not BYPASS or UNDEF. Ensure that the default ACID for STCs is FAIL or a specific ACID. If it is a specific ACID, it should have no BYPASS attributes.
- Determine who has special administrative privileges and whether they conform to corporate policy. Obtain a listing of all ACIDs using the following command:
TSS LIST(ACIDS) DATA(ADMIN)
- Determine whether the CA Top Secret Security File changes are being properly recorded in the Recovery File. As a test, change your password and then run TSSAUDIT using the CHANGES control statement to ensure that the change was recorded.
- Locate all ACIDs that do not require passwords. Determine whether adequate source controls have been placed upon these ACIDs. Use of the AUDIT attribute is recommended.
- Ensure that critical CA Top Secret control options are in use.
- Determine what resources must be audited and that their prefixes or names are in the AUDIT record by using the following command:
TSS LIST(AUDIT)
- Determine who has access to APF‑authorized data sets. Check PARMLIB members LNKLSTxx and IEAAPFxx.
- Perform an APF audit using the APF control statement of TSSAUDIT or CA Auditor.
- Check that dial‑up lines have protected terminal names.
- Determine if applications use the Application Interface to log changes to critical data elements.
- Ensure that functional units within the organization have adequate security guides or other relevant documentation.
- Determine who has access to protected CA Top Secret utilities. Any program starting with TSS should be owned and therefore protected. Use the following command to check:
TSS WHOHAS PROGRAM(TSS)
- Ensure that users of critical facilities, such as production IMS or CICS, comply with corporate policy.
- Check to see who has access to all resources by type. For example:
TSS WHOHAS DSNAME(**)
- Check periodically that terminated employees no longer have active ACIDs.
- Use the CHANGES control statement of TSSAUDIT to check that the listed changes have proper written authorizations.
- Determine what default ACIDs are in use on a facility basis by using the TSS MODIFY command. For example:
TSS MODIFY(FACILITY(TSO))
- Determine the extent to which vendor packages that can bypass security, or that have no inherent security, can be used.
- Ensure that all data sets are protected. In a z/OS non‑Always call environment, obtain the current listing from the TSSPROT utility with the following options:
PROTECT SIM
- Verify that authorizations are not too general.
- Ensure that anti‑subversion measures are in place.
- Check that critical started tasks use operator accountability. List the STC record and look for the STCACT attribute.
- Protect against unauthorized use of the linkage editor SETCODE AC(1) option by using the following command:
TSS ADDTO(MSCA) ABSTRACT(AC1)
- Monitor use of SETCODE AC(1) if it is authorized to all users by using the following command:
TSS PERMIT(ALL) ABSTRACT(AC1) ACTION(AUDIT,NOTIFY)
or monitor use of SETCODE AC(1) if it is restricted by using the following command:
TSS ADDTO(AUDIT) ABSTRACT(AC1)
- Notify security personnel when certain events occur using:
TSS PERMIT(ALL) DSNAME(x) ACTION(NOTIFY)
- Audit update access to certain data resources using:
TSS PERMIT(ALL) DSNAME(x) ACCESS(R)
TSS PERMIT(ALL) DSNAME(x) ACCESS(U) ACTION(AUDIT)
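
The listing commands in this checklist can be collected in one batch TMP job so that the output is kept as a single dated record for the audit file. This is an added example, not part of the original checklist; the job name, accounting data, and job classes are site-specific placeholders, and it assumes the submitting ACID has the authority to issue these commands.

```jcl
//TSSAUDT  JOB (ACCT),'TSS AUDIT LISTS',CLASS=A,MSGCLASS=X,
//             NOTIFY=&SYSUID
//* ADDED EXAMPLE: JOB NAME, ACCOUNTING DATA AND CLASSES ARE
//* PLACEHOLDERS. SUBMIT UNDER AN ACID AUTHORIZED FOR THESE COMMANDS.
//* IKJEFT01 IS THE BATCH TMP; COMMAND OUTPUT GOES TO SYSTSPRT.
//LISTS    EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  TSS LIST(ACIDS) DATA(ALL)
  TSS LIST(ACIDS) DATA(ADMIN)
  TSS LIST(STC)
  TSS LIST(AUDIT)
  TSS WHOHAS MODE(D)
  TSS WHOHAS MODE(W)
  TSS WHOHAS MODE(I)
  TSS WHOHAS PROGRAM(IE)
  TSS WHOHAS PROGRAM(TSS)
  TSS WHOHAS DSNAME(SYS1.)
/*
```

Keeping the SYSTSPRT output from successive runs lets you compare results between audits, for example to spot ACIDs that newly appear in the WHOHAS MODE listings.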