Using PROTECTED vs VAULT with OPTIONS(4) for STCs in Top Secret
Article ID: 370433
Products
Top Secret
Issue/Introduction
Is it safe to vault passwords in the mainframe environment?
Another concern is whether STCs need to be defined with PROTECTED or OPTIONS(4).
Resolution
VAULT is third-party software used to store passwords. It is safe to vault passwords for started tasks that have a password, as TSS will not perform password checking with OPTIONS(4) set.
An ACID can be configured either with PROTECTED or using OPTIONS(4). OPTIONS(4) was the first method introduced to TSS, while PROTECTED is the newer method. Both approaches are viable, and it is up to the client to choose the implementation that best suits their site requirements and preferences. The following shows the differences between each option.
PROTECTED:
Using PROTECTED means there is no password management and no need for a vault. There are no disadvantages to using PROTECTED.
PROTECTED is easier to administer because there is no password management.
VAULTED:
Using a vault for started task ACIDs' passwords provides no benefits or advantages. Since the password is not needed to start a started task, there is no need to vault it.
Using a vault will provide the same security as PROTECTED. It may require password management.
Additional Information
Recommendations for started task ACIDs:
Started task ACIDs should be limited to the FACILITY(STC,BATCH) environments. A started task ACID can never be used to sign on to a terminal and used by a person.
The administrator of a started task is the user who has authority to start it.