More than 80 percent of all global z/OS installations employ RACF (Resource Access Control Facility), the IBM tool for identifying and verifying users, managing access rights and logging access to protected resources. Based on the probable assumption that IBM mainframe systems are likely used by very large companies, it can be said with great confidence that RACF protects the security of the world’s most complex IT landscapes.
Ever stricter laws and guidelines are putting increasing pressure on corporate audit departments to further improve their IT security and optimize reporting. However, the laws and guidelines generally do not specify concrete IT measures that can be readily implemented. Instead, best practice approaches described in the BSI IT list of basic security measures apply. Companies are faced with the challenge of turning the measures listed there into concrete evaluation rules or policies. We provide hands-on recommendations on how to implement dynamic IT auditing and show you which requirements need to be met to be on the safe side.