Defending System z - A TCE (The Control Editor) Update

The Image Control Environment (ICE) is a System z Software Utility that reinforces and extends the continuum of security and control provided by IBM’s RACF, CA-ACF2 and CA-Top Secret over z/OS and z/UNIX resources - datasets, members, files - and MVS/RACF operator commands.

In this presentation, the following recent enhancements to ICE will be described:

• Break-Glass – Easily implements secondary password access controls over critical System z configuration datasets, files and commands, “raising the access bar” to vital production resources.
• TCE/OPER – An alternative to the conventional MVS Consoles, enforcing command access rights, fully documenting command usage and aiding productivity via Command Specific Wizards.
• CMDLog – A repository of defined MVS and/or RACF operator command events that is used to create an auditable “Real-Time History” of dynamic System z updates/changes.
• RACF/SETR - “The one Check to Rule them All” operates totally under the control of the IBM
• Health Checker for z/OS reporting deviations in SETROPTS settings from conformed rules.

Tracks: Security and Compliance, Security in the Enterprise and z/OS Systems Programming