IBM® Security zSecure™ Command Verifier provides an additional security layer that enables you to compare each IBM Resource Access Control Facility (RACF®) command to your security policies prior to processing. Commands are intercepted as they are entered and compared to your security policy to determine whether or not they should be run.
IBM Security zSecure Command Verifier helps you:
- Monitor policy compliance proactively by verifying commands before processing.
- Retrieve command information quickly and easily with the Command Audit Trail feature.
- Gain greater control by setting policies, alerts and default values.
- Speed time to value with simple, independent installation.
Monitor policy compliance proactively
- Helps prevent noncompliant administrative commands — for example, privileged users that can change or delete all profiles within their scope.
- Automatically verifies command keywords against your specified policies as soon as a RACF command is issued to help prevent user errors.
Retrieve command information quickly and easily
- Stores changes to profiles in the RACF database, so you can easily discover when a change to a profile was made and which administrator issued a particular command.
- Retrieves information on changes in seconds, saving hours of log file research and reducing the risks associated with accidental or malicious actions performed by privileged users.
Gain greater control
- Specify policies using RACF profile to determine the type of verification to be performed and to define the action to take when a noncompliant command is detected.
- Generate alerts if certain RACF commands are issued.
- Use processing options with appropriate messages through notification controls when commands are changed.
- Establish policy definitions to provide mandatory and default values for commands where RACF does not.
- Grant users access to specific commands that those users would not normally be authorized to use.
Speed time to value
- Installs as part of the RACF Common Command Exit, a standard RACF API.
- Eliminates the need to design, code and maintain assembler routines that handle parsing of hundreds of keywords.
- Works independently of other products in IBM Security zSecure software and can serve as an important addition to other third-party RACF tools that lack this vital functionality.