RSH Consulting

By: Rsh Consulting  09-12-2011
Keywords: Architecture, Software tools, mainframe


The vast majority of mission critical applications and data still reside on IBM Enterprise Servers. Yet, the security of the mainframe has largely been ignored in recent years because of a common misperception that the mainframe environment is somehow stable and mature. In reality, many organizations never fully completed their implementations of security while others have not properly maintained or updated them to take advantage of recent enhancements. RSH Consulting's services can be invaluable in addressing these vital concerns.

We excel in implementing and enhancing RACF. This has always been our core service and is the area of greatest strength and depth in the background and experience of our consulting staff. Follow the links below to learn more about how RSH can help you:

Beat the auditors and regulators to the punch -- find and fix the problem before they show up!

Unsure where to begin or how to tackle certain tasks -- let us guide you.

Give RACF a solid foundation and framework -- we can help you develop the necessary policies, standards, and naming conventions.

Is your RACF cumbersome to administer -- let us help you streamline your architecture and automate administrative chores.

Trying to consolidate and harmonize RACF databases -- we have the tools and talent to help you get the job done.

Don't have the time or expertise -- we can provide both.

Security Reviews & Audits

An essential starting point in any effort to enhance RACF is a thorough examination of your current implementation. Our reviews encompass every aspect of RACF controls -- user identification and authentication, dataset protection, monitoring, general resource protection, and security administration.

Evaluating RACF options and profiles is only a part of what RSH delivers. We look beyond RACF to examine security policies, administrative practices and procedures, and the security-related interfaces and configuration parameters in other system software because they substantially influence the effectiveness of RACF and your overall mainframe security. We are often able to identify and help resolve organizational and procedural roadblocks to the implementation of sound controls.

For organizations subject to the provisions of the Sarbanes-Oxley Act, we focus on controls specific to your financial application along with the overall RACF controls. Of particular interest to us are the protections afforded databases, transactions, and resources related to these systems.

Our review efforts are aided by an extensive set of in-house developed software tools. However, we firmly believe software alone cannot substitute for thoughtful analysis. A hallmark of our reviews is the intense effort we devote to thoroughly understanding the unique nature and complexities of each client's system environment and implementation of RACF. This enables us to uncover subtle vulnerabilities that have left them unknowingly exposed.

Our reports are unmatched for their breadth and depth of information. We use them as a tool for knowledge transfer. Every report offers both practical recommendations and implementation advice. We also make it a point to praise good control practices as well as identify concerns.

Mentor & Advisor

Are you faced with the task of trying to:

  • Lock down Started Tasks

  • Implement PROTECTALL

  • C urtail OPERATIONS authority

  • M erge RACF databases

  • P rotect Unix System Services

  • G uard CICS commands

  • I mprove RACF performance

  • R efine storage administration authorities

  • Develop RACF exits

  • C ontrol JES and SDSF

  • A ctivate the latest RACF features

  • Meet the requirements of HIPAA, SOX, and PCI

  • .. etc.

We can provide just the right amount of timely, helpful advice, suggestions, and guidance needed to kick-start your efforts, maintain your momentum, and keep you on track. A few minutes with our knowledgeable staff can save you hours of research and frustration. Plus, we can alert you to potential problems and any pitfalls to avoid before you stumble on them.

Policies & Management

Ensuring everyone understands the ground rules can make a huge difference in whether RACF is properly implemented and maintained. It is not uncommon for us to trace the source of technical control problems back to policy deficiencies. We will work with your security, technical support, and audit staffs to craft policies and standards that will encompass your entire mainframe software environment and address everyone's needs and views. Our extensive document templates and prior experience can make short work of this effort.

We can also help you establish or improve your overall security management program. Our services include developing general security policies, establishing data ownership, designing naming conventions, and helping to justify additional security staff and resources.

Architecture & Automation

Ill-conceived or haphazardly maintained group architectures and naming conventions can be a nightmare to administer. We can unscramble the current structure and devise a new one that eases your burden. We are especially adept at redesigning and refining large-scale implementations of RACF using role-based access control concepts.

This effort ordinarily involves determining resource ownership, defining a group hierarchy compatible with your organizational structure, establishing or revising profile naming conventions, migrating existing users into the new architecture, and adjusting group administrator authority.

To support new or existing architectures, we can create automated tools to assist you with RACF administration and help to maintain quality assurance. This often includes building software interfaces with your Human Resources system to automatically manage user creation, termination, transfer, and authority. This service is particularly valuable if you are planning to implement user provisioning software as it prepares your RACF for an easier installation.

We can also develop RACF reports unique to your organization to assist with common administrative tasks and control monitoring. Our favorite software tool is REXX, which facilitates rapid development and is simple to maintain.

Synchronize & Merge

Regardless of whether you are planning to consolidate RACF databases or implement RACF Remote Sharing Facility (RRSF), the effort to synchronize and harmonize independent RACF databases and implementations can be a complex process. It requires identifying and resolving differences and mismatches in RACF tables, SETROPTS options, group structures, profiles, segments, and permissions. It may necessitate changes to such items as Started Task USERID assignments, Unix System Service permissions, and configuration parameters within JES and other system software.

RSH has both the experience and software to help you complete this effort successfully and with a minimum of difficulties. We can assist you every step of the way -- from initial planning and analysis to implementation of changes and final activation. We have software tools designed to pinpoint critical profile differences, and we can offer you effective recommendations for addressing them. The experience we have gained in past projects allows us to recognize potential roadblocks in advance and determine which situations may turn out to be more complex than anticipated. This enables us to help you set realistic milestones and to reach those milestones on time and within budget.

Enhancement & Assistance

We can help you with almost any RACF implementation task imaginable and our role and services can be very flexible to meet your specific needs. Moving beyond mentoring and advising, our staff can assume responsibility for specific projects to implement new controls or refine existing ones. We can perform the work entirely on our own or as members of a team combined with individuals from your staff. Whatever the role, one of our primary objectives is knowledge transfer. We want you to have a clear understanding of what we did and why so that you can maintain the controls thereafter.

Keywords: Architecture, mainframe, Software tools