Abstract
IBM mainframe installations started to protect computer data and transactions during the latter part of the 1970s. Since the IBM mainframe operating systems themselves do not incorporate suitable access control facilities several vendors began to market “addon” packages to provide these. The MVS market leader, in terms of total systems protected, has consistently been CA-ACF2. Part of its popularity has been due to its ability to protect complex environments, providing more powerful facilities and options than the other products. The very complexity which makes it such a powerful solution also makes it difficult to understand, particularly for the EDP auditor who must be able to both detect potential exposures in the system and recommend ways of operating in a more controlled manner. Based on about 40 CA-ACF2 audits carried out by the author and 18 years experience with the software, this article will provide pointers to the most common problems found, show how to extract the relevant information from CA-ACF2 and discuss appropriate control measures. The article will concentrate on CA-ACF2 in the MVS environment, but many of the concerns and techniques will also apply in the VM and VSE environments.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
