eTrust® CA-ACF2® Security: Basic Administration

Overview:

This course will introduce the features of eTrust ™ CA-ACF2® Security for z/OS (eTrust CA-ACF2), which provides default protection for your mainframe operating systems through system sign-on, data set access rules and system resource usage. Case studies and demonstrations will prepare you to control system sign-on through the logon ID database. In addition, you will create user identification (UID) strings to group users by access requirements, write access rules for data sets and write rules for the use of resources.

Description:

Important Note: In CA Learning Centers, this course is always offered in conjunction with the two-day course — eTrust ™ CA-ACF2 Security: Intermediate Administration (AC210) 

Who Should Attend:

Security Administrators
Systems Programmers
Security Auditors
Database Administrators 

Required Prerequisites:

Basic data processing concepts and terminology
Experience with TSO/ISPF 

You Will Learn How To:

Explain the protection of eTrust CA-ACF2 by default
Create and maintain user logon ID records
Write, compile, decompile and test eTrust CA-ACF2 access rules for data sets
Maintain resource rule Infostorage records
Monitor access attempts through eTrust CA-ACF2 reports
Determine critical auditing requirements 

Course Activities:

Lectures
Demonstrations
Workshops 

Recommended Next Courses:

eTrust CA-ACF2 Security: Intermediate Administration (AC210/AC210L)
eTrust CA-ACF2 Security: Advanced Administration (AC220/AC220L)
eTrust CA-ACF2 Security: Advanced Technical (AC230/AC230L)
eTrust CA-ACF2 Security: CICS Interface (AC240/AC240L)
eTrust ™ CA-ACF2® Security for DB2: Administration (AC250/AC250L) 

Course Agenda:
Day 1

Lesson 1: Overview

System Entry Validation
Password Controls
Data and Resource Controls
Audit Concerns
e Trust CA-ACF2 Entry
Access to Data Sets
Access to Resources
Default Protection
Control Databases
Logon ID Database
System Entry Validation
Sign-On Password Controls
User Identification String (UID) Concept
UID Example
Access Rules Database
Access Rules
Lesson 2: Identifying System Users

Logon ID Records
LID Fields
LID Commands
INSERT USING Example
LIST Example
SHOW FIELDS Example
LIST Example
Listing Logonid Example
Changing Logon ID Example
Deleting Logon ID Example
Enhanced LIST command
Expanded LIST IF Processing 

Day 2

Lesson 3: UID

About UID
UID Design Considerations
Creation Steps
@UID Macro
@UID Macro Example
Logon ID Field Definition — @CFDE
Logon ID Field Definition — LIDREC DSECTS
Defining UID Fields
Defining UID DSECT
UID String Summary 

Lesson 4: Writing Access Rules

Rule Comments
Rule Entry Format
Data Set Name Specification
Sample Data Set Masks
Access Determination
Rule Selection Sort Sequence
Rule Selection Algorithm
Access Determined
Rule Sample
Poor Rule Sample
Better Rule Sample
Documenting Rule Sets
Rule Control Statements — $MODE Statement
$MODE Statement
Delegating Rule Maintenance
Location Control — VOLUME Parameter
TIME/DATE Control — SHIFT Parameter
SOURCE Control — SOURCE Parameter
Allowing Temporary Access — UNTIL Parameter
Delaying Rule Activation — ACTIVE Parameter 

Day 3

Lesson 5: Protecting System and Miscellaneous Resources

Infostorage Database
Resource Rules — Record Structure
Resource Control
Resource Rule Sets
Resource Rule Set
$ Rule Control Statements
% Rule Control Statements
Rule Comments
Resource Rule Entries
Resource Rule Examples
TSO Accounts and Procedures
TSO Account Validation
TSO Procedure Validation
Control of Logon ID Bit Fields
CICS Resource Types
CICS Rules
Advantage ™ CA-IDMS ® Resource Types
Advantage CA-IDMS Subschema Rules
Resource Directories
Resource Directory Example
Under TSO READY Mode
SET RESOURCE Mode
COMPILE Example
DECOMP Example
RECKEY Command
ACCESS Command
ACFRPTRV Resource Log
ACFRPTRV — Loggings
ACFRPTRV — Violations