Questions customers had . . .






      Product capabilities
      Answer

      Does the product have Reporting/ auditing features
      Yes

      Does the product Generate commands
      Yes – build-in feature. A user can create also any type of commands based on the stored tables. In addition there is an open MySQL interface to extract/generate anything needed.


      Can Reports be Scheduled to run at certain times
      No – RA2FM is a standalone tool running on a PC/MAC or iOS devices if needed


      Can the product Email report outputs
      Email services are built-in – part of FM


      Does the product comply to any security regulation e.g. NIST?
      N/A – apart from the data extract on the mainframe any reporting/auditing is done on a PC/MAC or iOS device.

      RA2FM is password protected i.e. a user has to login to it.

      Note: the NIST rules are available/stored in RA2FM


      Ease of use
      Yes




      Does the product help identify and manage the following out of the box





      User ID's with no password interval
      Yes – ready to use script or perform a find


      Inappropriate usage of z/OS UNIX Superuser Privilege, UID = 0

      Yes

      Improper use of lack of UNIXPRIV Profiles

      Yes

      Sensitive Data Sets with UACC greater than NONE

      Yes – sensitive profiles can be marked/tagged – or optional you define/store your own queries or ‘FINDs’

      Critical Data Sets with UACC greater than NONE

      Yes – by using your own your own stored queries or ‘FINDs’

      Started Task ID's are not defined as PROTECTED ID's

      Yes

      Excessive access to SMF Data Sets
      Yes – whereby you have to define on what is excessive: to do so simply issue a ‘FIND’ and set the access element counter to any value


      Excessive access to APF Libraries
      Ditto


      Excessive access to z/OS UNIX File System Data Sets

      ditto

      RACF Database is not adequately protected
      Yes – view profile


      Programs Defined in the PPT (program properties table) with NOPASS
      Yes


      Excessive Access to the MASTER CATALOG Data Sets

      Yes – it supports all catalogs

      Excessive Access to the SVCLIB Data Set

      YES

      Excessive Access to APF Libraries

      YES

      Excessive Access to LINKLIST Libraries

      YES

      Excessive Access to SMPE Libraries

      YES

      Excessive Access to the LPALIB Data Sets

      YES

      Excessive Access to the NUCLEUS Data Set

      YES

      Excessive Access to the any Data Set

      YES

      PROTECTALL is not in FAIL Mode

      * SETROPTS are not unloaded

      Data Set Profiles in WARN Mode

      YES

      General Resource Profiles in WARN Mode

      YES

      SETR PASSWORD Revoke Setting is Inappropriate

      * SETROPTS are not unloaded

      Two Factor Authentication is not Required for Elevated Users

      * SETROPTS are not unloaded

      Password MINCHANGE Value is not Set

      * SETROPTS are not unloaded

      Password HISTORY Setting is too Low

      * SETROPTS are not unloaded

      Mixed Case Password Support is not in Effect

      * SETROPTS are not unloaded

      System-wide Password Interval is too High

      * SETROPTS are not unloaded

      WebSphere MQ "Switch" Profiles are Improperly Defined

      Yes – any general resource can be viewed in detail

      Inadequate WebSphere MQ Alternate User Security

      Yes – any general resource can be viewed in detail

      Inadequate WebSphere MQ Adapter Connection Security
      Yes – any general resource can be viewed in detail

      Inadequate WebSphere MQ Queue Security

      Yes – any general resource can be viewed in detail

      Inadequate WebSphere MQ Command Security
      Yes – any general resource can be viewed in detail

      Users Found on Excessive Number of Access Lists

      Yes – whereby you have to define in the “FIND” what that value should be.

      Groups Found on Excessive Number of Access Lists

      Yes – whereby you have to define in the “FIND” what that value should be.

      Excessive Number of Group-SPECIAL Users

      Yes – whereby you have to define in the “FIND” what that value should be.

      Does it support IKTSO00

      Yes – AUTHPGM AUTHTSSR AUTHCMD

      Does it support IEASVC00

      Yes

      Does it support IEFSSN00

      Yes

      Does it support CDT (class descriptor) entries

      Yes

      Does it support tape management systems

      Yes – CA1 and RMM

      Does it support DCOLLECT

      Yes – it supports NONVSAM, CLUSTERS, VTOCS, HSM backup&migrated

      Does it support storage information about datasets and volumes

      Yes – all dataset/volume information are available

      Does it support viewing datasets by last qualifier

      Yes – you can perform a search on the last dataset qualifier


      Does it support datasets with pertaining RACF profiles

      Yes – RA2FM extracts for each dataset the relevant RACF profile which is linked to the dataset profile table for instant viewing of the details. It shows for each dataset the UACC/OWNER as well.

      Does it support member list system datasets

      Yes – you can view all member details for each system PDS dataset. It lists ISPF statistics and/or load module information

      Does it free format data/text generation

      Yes – you can generate anything you need – not just RACF related data

      Does it support SQL

      Yes – it has an open MySQL interface

      Does it support HFS/ZFS

      Yes –
      Refer to:
      www‐03.ibm.com/servers/eserver/zseries/zos/racf/goodies.html

      On which platforms does it work

      It works under Windows; OSX and iOS. This means you can use it on e.g. an Apple iPAD etc.

      What are the software/hardware dependencies