Racf

21 Things You Didn’t Used to Know About RACF

(A Technical Update for IT Auditors)

Stuart Henderson The Henderson Group (301) 229-7187

1

Copyright 2009 Stuart C. Henderson (301) 229-7187, All Rights Reserved

Here Are 21 Things Auditors Should Know About RACF

• One Person’s Opinion, But You Need to be Aware of the Issues in Any Case

• And of Course, It’s Easier When You Present Your Findings in the Light of the Specific Business Risk and Expected Cost to Reduce the Risk.

2

Copyright 2009 Stuart C. Henderson (301) 229-7187, All Rights Reserved

1

RACF is, of Course

• IBM’s Resource Access Control Facility, the Software on IBM Mainframe Computers with the MVS Operating System That Checks Out Userids and Passwords, and Controls Who Can Access What Datasets (Files) and Resources. • Market Leading Software Which Competes with ACF2 and TopSecret, Both from Computer Associates.

3

Copyright 2009 Stuart C. Henderson (301) 229-7187, All Rights Reserved

1)

RACF Now Supports Mixed Case Passwords

• You Can Force Mixed Case with SETR • To allow upper and lower case passwords for userids:

– SETR PASSWORD(MIXEDCASE) and to undo it: – SETR PASSWORD(NOMIXEDCASE)

• (Don't turn this one on until you are sure you want it. It's very hard to turn it off after many users have entered passwords with lower case characters.)

4

Copyright 2009 Stuart C. Henderson (301) 229-7187, All Rights Reserved

2

1A) RACF Now Supports Mixed Case Passwords

To set new rules for passwords to accept upper and lower case letters in passwords:

SETR PASSWORD(RULE5 (LENGTH(6:8) ccc (1:8)))

where ccc is one of the new options: MIXEDCONSONANT, MIXEDVOWEL, or MIXEDNUM. • To set a new minimum password change interval (for example, one day), issue:

– SETR PASSWORD(MINCHANGE(1))

5

Copyright 2009 Stuart C. Henderson (301) 229-7187, All Rights Reserved

1B) RACF Now Supports Mixed Case Passwords • Of course, You Shouldn’t Activate This Until All Programs with Signon...