| Product capabilities | Answer | |
| Does the product have Reporting/ auditing features | Yes | |
| Does the product Generate commands | Yes – build-in feature. A user can create also any type of commands based on the stored tables. In addition there is an open MySQL interface to extract/generate anything needed. | |
| Can Reports be Scheduled to run at certain times | No – RA2FM is a standalone tool running on a PC/MAC or iOS devices if needed | |
| Can the product Email report outputs | Email services are built-in – part of FM | |
| Does the product comply to any security regulation e.g. NIST? | N/A – apart from the data extract on the mainframe any reporting/auditing is done on a PC/MAC or iOS device. RA2FM is password protected i.e. a user has to login to it. Note: the NIST rules are available/stored in RA2FM | |
| Ease of use | Yes | |
| Does the product help identify and manage the following out of the box | ||
| User ID's with no password interval | Yes – ready to use script or perform a find | |
| Inappropriate usage of z/OS UNIX Superuser Privilege, UID = 0 | Yes | |
| Improper use of lack of UNIXPRIV Profiles | Yes | |
| Sensitive Data Sets with UACC greater than NONE | Yes – sensitive profiles can be marked/tagged – or optional you define/store your own queries or ‘FINDs’ | |
| Critical Data Sets with UACC greater than NONE | Yes – by using your own your own stored queries or ‘FINDs’ | |
| Started Task ID's are not defined as PROTECTED ID's | Yes | |
| Excessive access to SMF Data Sets | Yes – whereby you have to define on what is excessive: to do so simply issue a ‘FIND’ and set the access element counter to any value | |
| Excessive access to APF Libraries | Ditto | |
| Excessive access to z/OS UNIX File System Data Sets | ditto | |
| RACF Database is not adequately protected | Yes – view profile | |
| Programs Defined in the PPT (program properties table) with NOPASS | Yes | |
| Excessive Access to the MASTER CATALOG Data Sets | Yes – it supports all catalogs | |
| Excessive Access to the SVCLIB Data Set | YES | |
| Excessive Access to APF Libraries | YES | |
| Excessive Access to LINKLIST Libraries | YES | |
| Excessive Access to SMPE Libraries | YES | |
| Excessive Access to the LPALIB Data Sets | YES | |
| Excessive Access to the NUCLEUS Data Set | YES | |
| Excessive Access to the any Data Set | YES | |
| PROTECTALL is not in FAIL Mode | * SETROPTS are not unloaded | |
| Data Set Profiles in WARN Mode | YES | |
| General Resource Profiles in WARN Mode | YES | |
| SETR PASSWORD Revoke Setting is Inappropriate | * SETROPTS are not unloaded | |
| Two Factor Authentication is not Required for Elevated Users | * SETROPTS are not unloaded | |
| Password MINCHANGE Value is not Set | * SETROPTS are not unloaded | |
| Password HISTORY Setting is too Low | * SETROPTS are not unloaded | |
| Mixed Case Password Support is not in Effect | * SETROPTS are not unloaded | |
| System-wide Password Interval is too High | * SETROPTS are not unloaded | |
| WebSphere MQ "Switch" Profiles are Improperly Defined | Yes – any general resource can be viewed in detail | |
| Inadequate WebSphere MQ Alternate User Security | Yes – any general resource can be viewed in detail | |
| Inadequate WebSphere MQ Adapter Connection Security | Yes – any general resource can be viewed in detail | |
| Inadequate WebSphere MQ Queue Security | Yes – any general resource can be viewed in detail | |
| Inadequate WebSphere MQ Command Security | Yes – any general resource can be viewed in detail | |
| Users Found on Excessive Number of Access Lists | Yes – whereby you have to define in the “FIND” what that value should be. | |
| Groups Found on Excessive Number of Access Lists | Yes – whereby you have to define in the “FIND” what that value should be. | |
| Excessive Number of Group-SPECIAL Users | Yes – whereby you have to define in the “FIND” what that value should be. | |
| Does it support IKTSO00 | Yes – AUTHPGM AUTHTSSR AUTHCMD | |
| Does it support IEASVC00 | Yes | |
| Does it support IEFSSN00 | Yes | |
| Does it support CDT (class descriptor) entries | Yes | |
| Does it support tape management systems | Yes – CA1 and RMM | |
| Does it support DCOLLECT | Yes – it supports NONVSAM, CLUSTERS, VTOCS, HSM backup&migrated | |
| Does it support storage information about datasets and volumes | Yes – all dataset/volume information are available | |
| Does it support viewing datasets by last qualifier | Yes – you can perform a search on the last dataset qualifier | |
| Does it support datasets with pertaining RACF profiles | Yes – RA2FM extracts for each dataset the relevant RACF profile which is linked to the dataset profile table for instant viewing of the details. It shows for each dataset the UACC/OWNER as well. | |
| Does it support member list system datasets | Yes – you can view all member details for each system PDS dataset. It lists ISPF statistics and/or load module information | |
| Does it free format data/text generation | Yes – you can generate anything you need – not just RACF related data | |
| Does it support SQL | Yes – it has an open MySQL interface | |
| Does it support HFS/ZFS | Yes – Refer to: www‐03.ibm.com/servers/eserver/zseries/zos/racf/goodies.html | |
| On which platforms does it work | It works under Windows; OSX and iOS. This means you can use it on e.g. an Apple iPAD etc. | |
| What are the software/hardware dependencies | |
RACF Security - Audit and Administration
The World's Most Affordable RACF system tool - we have the features BigBlue forgot to write
Questions customers had . . .