Configuring the CIA Repository › The CIA Repository › How to Choose the CIA Repository
How to Choose the CIA Repository
The CIA security repository contains information about your mainframe users and the mainframe security policy. This information can reside in a CA Datacom/AD Multi-User Facility (MUF), a CA Datacom/DB MUF, or in a DB2 subsystem.
The first step in defining the security repository is to decide where the CIA repository resides. CA Datacom/AD is available as a component of CA Common Services on support.ca.com and can be used to hold the CIA repository. If you are licensed for CA Datacom/DB or IBM DB2 on the LPAR that contains the CIA repository, these alternatives can be used to hold the CIA repository.
Use the following criteria to choose a secure location for your CIA repository:
- Limit access to the security repository to people who already are able to list user and policy information directly from the mainframe security database. This restriction factors into the decision on which CA Datacom MUF or DB2 subsystem is to contain the security repository.
- Do not establish the security repository in a CA Datacom MUF or DB2 subsystem that functions as an application server. These systems traditionally have system administrators that can access the information in any database. The administrators would also be able to access the information in the security repository.
- Generate a CA Datacom Multi-User Facility (MUF) or DB2 subsystem that holds only the security repository. Give access to the CA Datacom MUF or DB2 subsystem only to people with access to the security information. This restriction eliminates any possibility of users with application access being able to access the security information.
- Verify that only people with the proper authority can access the security repository. Verify authorities regardless of whether you generate a stand-alone CIA repository or choose an existing CA Datacom MUF or DB2 subsystem.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|