System Authorization Facility (SAF) / RACF Analysis
The SAF Analysis assesses the current state of the implementation of RACF security by reviewing the system for the most common high-risk security configuration errors. Leveraging expert security consultants, the RACF analysis provides a snapshot that gives a clear sense of the current state of the z/OS and RACF security implementation.
RACF Analysis This proposed RACF analysis will be a multi-level assessment of the LPAR and will include:
- Relationship of security policy, management and procedures
- RACF options in use and basic settings
- Assignment of RACF authorities and privileges
- System access (sign-on) controls in RACF
- Basic RACF group structure
- Reporting mechanisms and security of the audit trail (SMF) information
- Basic MVS system options and control over changes to them
- MVS options and facilities which influence integrity/security/RACF
- Control over MVS functions such as operator commands and dynamic system changes In each of these areas the intention is to confirm the compliance, or otherwise, with corporate policy and management expectations. The security structure can be viewed as a series of five or six layers, each being more technical than the previous and thus less readily monitored by management.
*prices exclude potential travel or lodging costs