While MLS is still inactive on a system, and write-down protection is not yet active, you should label all catalogs SYSNONE. In addition, you should label all critical data sets if you plan on protecting write-down on the system.
The following table lists the security labels that are recommended for system data sets:
|
Data Set Name |
Security Label |
Data Set Content |
|---|---|---|
|
Data sets specified in LNKLSTxx and LPALSTxx members of SYS1.PARMLIB |
SYSLOW |
Publicly readable data |
|
JES spool data sets |
SYSHIGH |
|
|
Page and swap data sets and SYS1.STGINDEX |
SYSHIGH |
System page and swap data sets |
|
SYS1.BRODCAST |
SYSLOW |
Notices for all system users |
|
SYS1.DAE |
SYSHIGH |
Dump analysis and elimination data sets |
|
SYS1.DUMPxx |
SYSHIGH |
System dumps |
|
SYS1.HASPACE |
SYSHIGH |
JES2 spool spaces |
|
SYS1.HASPCKPT |
SYSHIGH |
JES2 checkpoint data sets |
|
SYS1.HELP |
SYSLOW |
Online command documentation |
|
SYS1.IMAGELIB |
SYSLOW |
FCB images |
|
SYS1.LINKLIB |
SYSLOW |
|
|
SYS1.LOGREC |
SYSHIGH |
Hardware and software error loggings |
|
SYS1.MANx |
SYSHIGH |
SMF records |
|
SYS1.PARMLIB |
SYSLOW |
|
|
SYS1.PROCLIB |
SYSLOW |
|
|
SYS1.VTAMLIST |
SYSLOW |
|
|
Trace data sets created by GTF |
SYSHIGH |
Data about tasks |
|
User mail logs |
SYSHIGH |
Mail with various security labels depending on the label of the user that sent the mail |
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|