The Objective

The objective of this service offering is to ensure that IBM RACF, CA Top Secret and/or CA ACF2 is properly upgraded to secure the Unix System Services (USS) environment introduced within the z/OS Operating System and to provide security training on this new environment. The USS environment, also known as the OpenMVS or OMVS environment, is a mandatory Unix environment now activated on IBM mainframes. The USS environment activates mainframe TCP/IP networking and enables mainframe access by Internet/Intranet/web applications as well as by applications such as Telnet, Rlogin, LDAP, UUCP, DFS/NFS and FTP. As a result, many mandatory mainframe security adjustments are required to accompany the introduction of z/OS.

Scope of Services

This service offering will be met through on-site activities covering four (4) days. During the on-site visit the consultant(s) will conduct a review and audit all security administrations that have already been taken to support the USS environment. The consultant(s) will research and identify the latest IBM and CA support recommendations pertaining to security administration requirements and security software maintenance requirements. The consultant(s) will enact any security administrative adjustments currently recommended by IBM and CA. The consultant(s) will also advise in writing of any recommended security software maintenance adjustments. Lastly, the consultant(s) will provide formal security overview training on the USS environment. This training session typically lasts two hours and will be repeated once if desired. The intended audience is Security, Unix and z/OS Operating System Support staff. In summary, the on-site activities will include:

  • Review/audit steps already taken
  • Research/Identify current CA and IBM recommendations regarding:
    • Recommended initial security administrative actions
    • Recommended security software maintenance levels
  • Formally advise of any recommended security software maintenance adjustments
  • Enact security administrative adjustments following IBM and CA recommendations:
    • Establish userids required to support USS (OMVS, BPXAS, FTP, TCPIP)
    • Establish Unix user segments for required initial users of the USS
  • If appropriate, establish Unix user-segment defaults for users or setup OMVS default
  • Establish Unix Groups for initial users
  • Establish USS resource security (e.g. BPX FACILITY resource security)
  • Verify proper BPXIWRAC exec installation
  • Provide formal overview training on USS security


Schedule a complimentary consultation with our team of mainframe and security specialists today.