We recommend that you implement proper update controls to ensure that a user does not modify the CA Top Secret started task procedure without authorization.
Business Value:
You must modify the CA Top Secret procedure (TSS) to specify several data sets that CA Top Secret uses. Proper update control of the CA Top Secret procedure is important because it defines many critical configuration elements, including:
Identifies the primary encrypted security file consisting of the security records that contain all user and resource permissions and restrictions. When a user initiates a job or signs on to an online facility in a z/OS environment, CA Top Secret obtains the user’s security record from the security file, and places it in the user’s address space for the duration of the session.
Stores the automatic daily backup of the security file to ensure complete integrity of the security environment. The backup file is an exact copy of the security file as it existed at the time of last backup. You can use this file if the device containing the security file becomes unavailable.
Stores and defines control options at initialization and sets up the CA Top Secret operating environment.
Store security incidents in place of, or in addition to, SMF. The audit tracking files provide administrators and auditors with a current, online record of system security activity from all CPUs.
Additional Considerations:
Because CA Top Secret starts as a subsystem, the CA Top Secret started task procedure must reside in the SYS1.PROCLIB data set or in any data set within the SYS1.PROCLIB concatenation.
When properly installed, CA Top Secret initialization routines automatically define the CA Top Secret subsystem definition during the z/OS IPL process. Do not define the CA Top Secret subsystem within any of your site's SCHEDxx parmlib members because doing so could cause unpredictable results.
More Information:
For detailed information about these files, see Installation Guide.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|