With HFSSEC(OFF) is IBMFAC(BPX.CAHFS.*) checked?

book

Article ID: 15180

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Is IBMFAC(BPX.CAHFS.*) when HFSSEC(OFF) is set?



Is IBMFAC(BPX.CAHFS.*) when HFSSEC(OFF) is set?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

With HFSSEC(ON) normal USS validation is bypassed.

With it bypassed, you use BPX.CAHFS.xxxxx controls and secures HFS functions with CA Top Secret when HFSSEC(ON). Here is the link to the doc.

https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/controlling-access-to-the-hierarchical-file-system/secure-hfs-functions 

With HFSSEC(OFF), normal USS security resumes and checking for IBMFAC(BPX.CAHFS.*) no longer occurs.