Configuration Best Practices › Identifying Cross-System Connectivity Controls
Identifying Cross-System Connectivity Controls
We recommend that you review your overall security enterprise periodically to determine what security relationships exist, if any, between these systems, and how activating any of the CA Top Secret processing options might be beneficial.
Business Value:
Sharing of administrative activity changes can provide considerable benefit in the form of business process simplification through automation. CA Top Secret has control options that enable it to share the following data and resources:
- CA Top Secret administrative commands and password changes with z/OS and VM systems using the Command Propagation Facility (CPF)
- CA Top Secret security file data and command function in a z/OS sysplex environment
- CA Top Secret security file changes with non-z/OS systems using LDAP Directory Services (LDS)
- Password and user ID change information to non-z/OS systems
- Auditing data with CA Audit and CA Security Command Center
Additional Considerations:
Review existing instances of cross-system connectivity in the following ways:
- Ensure that use and deployment is consistent with accepted best practices and your site's security policy.
- Examine remote systems that are connected to help ensure that they are properly secured and that the data provided to and maintained on them is secure. If they are not secure, you must secure them; otherwise, discontinue the remote connection usage until you can properly secure them.
- Ensure that the data being shared is actually being used on the remote system. For example, sending auditing data to a remote CA Audit and CA Security Command Center system when, in fact, the mainframe-provided data is not used on that system can be an issue. You can save processor, administrative, and network overhead by deactivating this remote sharing capability.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|