Ensuring Mainframe Security is Properly ImplementedThe objective of this service offering is to ensure that mainframe security is properly implemented to secure the Unix System Services (USS) environment and to provide security training on this new environment.
The USS environment, also known as the OpenMVS or OMVS environment, is a mandatory Unix environment now activated on IBM mainframes. The USS environment activates mainframe TCP/IP networking and enables mainframe access by Internet/Intranet/web applications as well as by applications such as Telnet, Rlogin, LDAP, UUCP, DFS/NFS and FTP. As a result, many mandatory mainframe security adjustments are required to accompany the introduction of USS.
Scope of ServicesThis service offering will be met through on-site activities. During the on-site visit the consultant(s) will conduct a review and audit all security administrations that have already been taken to support the USS environment. The consultant(s) will research and identify the latest IBM and 3rd party support recommendations pertaining to security administration requirements and security software maintenance requirements. The consultant(s) will enact any security administrative adjustments currently recommended by IBM and/or 3rd parties. The consultant(s) will also advise in writing of any recommended security software maintenance adjustments.
Lastly, the consultant(s) will provide formal security overview training on the USS environment. This training session typically lasts two hours and will be repeated once if desired. The intended audience is Security, Unix and OS/390 Operating System Support staff.
In summary, the on-site activities will include:
- Review/audit steps already taken
- Research/Identify current CA and IBM recommendations regarding…
- Recommended initial security administrative actions
- Recommended security software maintenance levels
- Formally advise of any recommended security software maintenance adjustments
- Enact security administrative adjustments following IBM and CA recommendations:
- Establish userids required to support USS (OMVS, BPXAS, FTP, TCPIP)
- Establish Unix user segments for required initial users of the USS
- If appropriate, establish Unix user-segment defaults for users or setup OMVS default
- Establish Unix Groups for initial users
- Establish USS resource security (e.g. BPX FACILITY resource security)
- Verify proper BPXIWRAC exec installation
- Provide formal overview training on USS security