RACF - Audit and Compliance Roadmap

Course:   RACFAUD
Duration:   4 Days
Level:   II
On our website at:   http://www.verhoef-training.com/courses/RACFAUD.html
 
Course Summary

This course is designed for auditors, compliance monitors, and RACF administrators seeking to identify vulnerabilities in RACF-protected z/OS mainframe systems and bring the systems into compliance with legally mandated security requirements. Much more than just a simple "how to audit" class, this technically-rich course will show you how to find and address serious security exposures of the kinds commonly found during RSH's RACF audits. By the end of class, you will have gained a solid understanding of RACF, an awareness of implementation "best practices", and a comprehensive knowledge of the tools and techniques for evaluating the status of RACF protection. Better still, you will be reviewing RACF reports from your own system during class and immediately identifying control concerns.  You are likely to return with a lengthy list of findings.

Topics Covered In This Course

RACF Concepts

  • Introduction to RACF
  • Profiles & relationships

Users

  • Identification & authentication
  • Password composition & options
  • User profile contents & segments
  • RACF commands and reports for users

Groups

  • Concepts, hierarchy, & functions
  • Group profile contents & segments
  • RACF commands and reports for groups

Resource Protection

  • Concepts
  • Resource profiles - generic & discrete
  • OPERATIONS & privileged access authorities
  • Access permissions & authorization process

Datasets

  • Dataset basics & protection
  • Dataset profiles & contents
  • PROTECTALL & TAPEDSN control options
  • RACF commands and reports for datasets

General Resources

  • Resource types, names & protection
  • General Resource profiles & contents
  • RACF commands and reports for resources

JES-related Controls

  • Started Task identification
  • Batch job controls (e.g., SURROGAT)

DASD Storage Administration

  • STGADMIN FACILITY profiles
  • DASDVOL profiles

System Product Controls

  • z/OS Unix BPX & UNIXPRIV profiles
  • TSO authorities and logon resource protection
  • CICS transaction & command protection

Logging & Reporting

  • System Management Facilities (SMF)
  • SETROPTS & profile monitoring options
  • Reporting tools

Administrative Authorities

  • System & Group level SPECIAL & AUDITOR
  • Group connect authorities
  • Class authorization and FIELD profiles
  • Policies, standards, and staffing

RACF Configuration

  • Exits & customization
  • Database backup and maintenance

RACF Audit Plan, Process, & Tools

What You Can Expect

On completing this course, students will have learned:

Who Should Take This Course

Recommended Prerequisites

Familiarity with the mainframe, RACF, and using TSO

Training Style

Instructor-led, including hands-on lab sessions.

Related Courses

Code      Course Title                                    Duration  Level
AUDITE    Essential Audit Skills                          5 Days    I
MFAUDIT   The IBM Mainframe Environment for IT Auditors   3 Days    I
ZOSJS     z/OS JUMP START FOR TECHNICAL SUPPORT STAFF     5 Days    I
RACFAD01  RACF Administration                             4 Days    II

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.