The IBM Security zSecure RACF and SMF Auditing training course explains how to audit the content of Resource Access Control Facility (RACF) database and z/OS system. You can measure the current security settings against the security requirements of a selected policy level. In addition, you learn about an Access Monitor data set that contains statistics about all RACF decisions taken. This information is helpful for finding profiles, permissions, or connections that are not used and can, therefore, be removed from the RACF database. Furthermore, you learn how to review the current general Service Management Framework (SMF) and RACF audit settings. This course explains how to use and interpret the pre-defined SMF audit reports, and how to create own customized SMF reports. Finally, the concepts of the Library status and change analysis functions are explained and demonstrated.
By attending IBM Security zSecure RACF and SMF Auditing workshop, delegates will learn to:
- Describe the flow of a security call from Resource Managers to RACF
- Perform user ID and password audit analysis
- Use the audit functions to report on sensitive user IDs and z/OS resources
- Create audit reports on key RACF and z/OS system tables
- Create audit reports for the CICS, IMS, and DB2 subsystems
- Review the system-wide Audit settings
- Select and process predefined SMF reports
- Define custom SMF reports
- Utilize the Access Monitor reports
- Clean up the RACF database
- Audit changes to system-sensitive libraries
- A basic knowledge of, and experience with, the z/OS platform, RACF, and zSecure
- The ability to log on to TSO and use ISPF panels
- Basic RACF and IBM Security zSecure education is assumed
This IBM Security zSecure RACF and SMF Auditing class is targeted for RACF security administrators and auditors.