In many organizations, administrators and regular users can issue RACF commands that do not comply with installation security policies or other corporate standards. Breaches occurring due to this lack of compliance can cause outages and enhance vulnerabilities. Consul InSight zLock provides an additional layer of security that enables organisations to clear RACF commands versus policies, before processing, thereby enforcing security standards on top of the RACF rules. zLock is integrated with RACF, and its rules are managed with RACF profiles.
zLock's features include:
Comprehensive policy enforcement:Each time any RACF command is issued, Consul InSight zLock is invoked to verify all command keywords against your specified policies. Policies may be specified by the system administrator via RACF profiles. These profiles provide information to Consul InSight zLock about the type of verification to be performed, and about the action to be taken if the command does not comply with your policy. If desired, zLock can generate immediate, real-time alerts if critical RACF commands are issued. It can also prevent system outages which can be caused by system administrators issuing incorrect RACF commands with unintended consequences. zLock intercepts every RACF command before it is executed and verifies them against your company policies and procedures. When a command is entered by any means, zLock verifies if it complies with security policies and blocks it if it doesn’t.