How is LWORM different from Immutable Volume?
CA1
Using the TMODBLxx member to prevent MOD processing and make LWORM tapes more secure.
LWORM (LOGICAL WRITE-ONCE, READ-MANY) emulates physical WORM and is WORM compliant.
LWORM attributes are bound to the logical volume after the first use of the volume or the first reuse of the volume after scratch.
With LWORM, additional files can be added to a tape AND data can be MODed onto the last file of a tape. LWORM will NOT allow any data that was already written to be modified. So the volume cannot go through RECREATE processing, but you can always MOD additional data onto the last file OR add additional files by simply using IEBGENER and doing a MOD or adding an additional file.
Unlike the concept of WORM or Virtual-WORM, an Immutable volume cannot be updated AT ALL. No MOD processing is allowed to the volume. The volume
becomes a READ-ONLY volume, even if CA 1 is shut down or removed from the system.
No method is available to convert previously written volumes to LWORM volumes without having to read the contents and rewrite them to a new logical volume that was bound as an LWORM volume.
Immutable Volumes (Fixed, unchangeable and cannot be deleted)
Immutability: The state or condition of being unchangeable
Immutable Volumes:
• Fixed, unchangeable and cannot be deleted
• Ensures a copy of the data is always recoverable
Immutable volumes cannot be altered or changed. They serve as a shield against cyber threats such as ransomware attacks, since attackers cannot encrypt or tamper with data stored immutably.
Also, with IBM LWORM tapes, there is a process called "LWORM RETENTION" within the TS7700. This controls how long to keep the cache data available inside the TS7700 AFTER it has been scratched by the tape management system.
This would be in addition to the CA 1 scratch event. If CA 1 scratches the tape after 7 days (and un-catalogs it), the data will still be retained in the TS7700, even if "Allow early return to scratch" is specified in the TS7700. The tape will only go into an "expire-hold state" until the retention period originally set has been met.
(see KD CA 1 - LWORM Retention VS CA1 retention)
Once a set of LWORM Retention rules are applied to a volume, they cannot be modified. Any changes to the special configuration settings will not be retroactive to existing LWORM Retained volumes. Only volumes created from that point forward will honour the new settings.
Further, use the TMODBLxx member to prevent MOD processing, making an LWORM tape more secure. To prevent MOD processing onto an existing file, it is recommended to use both LWORM Retention and TMODBLxx.
NOTE: Security can be used to control and limit the creation of secondary files.
Setting the DSNB option to YES in CA 1 is recommended, so that anyone who attempts to create a secondary file on a tape volume must have CREATE (ALTER) authority to the file they are creating AND CREATE (ALTER) authority to the first file on the tape. So, if the first file on the tape is "PROD.PAYROLL.MASTER" and someone attempts to create "PUBLIC.MALWARE.TESTFILE" as a secondary file, they would need CREATE (ALTER) to both the PUBLIC data set AND PROD.PAYROLL.MASTER. So, there is some protection already existing. Now, if a bad actor has CREATE authority to PROD.PAYROLL.MASTER, then that person could add a secondary file to that tape. But there are some controls on the creation of secondary files.
You can read about TMODBLxx in our tech doc: