ETF/A Features and Updates
EKC's Security Tools Facility for CA-ACF2
ETF/A is a powerful application that provides Emergency Access and Security Administrator/Auditor tools
designed to improve the efficiency of CA-ACF2 security administration.
New Features For ETF/A Version 1.6.1 As Of May 11, 2004
New Features for ETF/A Version 1.6.1
New Features for ETF/A Version 1.6.0
New Features For ETF/A Version 1.5.0 And Previous Versions
Links to more information about ETF/A
New Features For ETF/A Version 1.6.1 As Of May 11, 2004
ETF/A Dormant Rules Program
The ETF/A Dormant Rules Program now provides the following features:
- Logonid Cleanup: identify and delete unused lids based on time since last use.
- Loadable ACFFDR: lets you run ETF/A Dormant Rules Program against any set of CA-ACF2 backup files independent of the local environment.
- Selection parameters to narrow the dormant rule search: UID, KEY, Type masks for dataset and resource rules.
- Separate Resource rules and LIDS reporting.
- ETF/A MUID record cleanup: identify and delete unused MUID records.
- Empty Ruleset cleanup: identify and delete empty Dataset and Resource rulesets.
New Features For ETF/A Version 1.6.1
ETF/A User Options Facility
ETF/A now allows you to tailor environment through user selectable options.
Firecall Options & HIPAA Compliance
Extended Firecall Facility expiration interval options.
FASTAUTH processing support is now enabled.
Quick Recover Features
Quick Recover now recovers ETF/A MUID Records.
Test Rule Features
Test Rules may now reside above the 16-megabyte line.
Also, a new "all rules in test" option has been added.
New $Prevent Facility
A new facility to ensure certain accesses are not inadvertently granted has been created.
The facility operates to either remove or insert special "prevent access" rule lines in several ETF/A functions.
Rule Compiler Interface & $Prevent Facility
Super-Rule NextKey Merge supports the $Prevent Facility to ensure certain UIDs are always prevented
from gaining access when NEXTKEYs are merged.
File Maintenance Modeling & $Prevent Facility
Modeling changes and Super-Rule NextKey merges now optionally operate with the
$Prevent Facility to ensure no unintended access is granted.
LIST and REMOVE RAF expired rules separate from UNTIL date expired rules.
Select expired rules by specific RAF expiration date and rule $KEY and TYPE masks.
Dormant Rules Program & Database Cleanup
Additional new parameters add more control to rule cleanup processing.
Also, ACFBATCH statements can now automatically be generated to delete empty rulesets.
New support for ETF/A RAF expired rules in ETFA4DRP creates batch DELETE control cards for
input to the ETFA0PGM batch program.
Multi-valued UID fields are now supported.
ETF/A Multiple UID Facility
New Batch program to add/delete MUID records.
Also, an option to automatically delete MUID records when associated LOGONID is deleted by ACF command.
FASTAUTH processing for MUIDs may now be enabled.
Rule Aging Facility
New option to enable/disable RAF.
Also, a new display to show RAF “quarter-dates” for any year.
Key & Type Masks for LIST selections added.
New Features For ETF/A Version 1.6.0
SAF Controlled Dynamic Panel Interface
ETF/A now allows you to tailor rule based ISPF menus to your user's needs.
You use ACF2 resource rules to control which options are displayed and available for users.
New Firecall Options
The Firecall Facility now includes the ACF2 TAPE- BLP, REFRESH, and ACCOUNT privileges.
A new ASSIGN feature allows you to assign or cancel a Firecall privilege to another active user.
And, the SURROGATE option permits a batch job to be validated with another user's LogonID under Firecall.
Quick Recover Features
Quick Recover now lets you preview and edit rules recovered from another database before restoring to the live ACF2 database.
These same features also apply when recovering ETF/A TEST rules.
Test Rule Features
The Test Rule Facility now allows display, edit and delete functions from a list of the current test rules with a new ISPF display.
Rule Compiler Interface
The new Super-Rule Compiler support allows merging of NextKeys into a single rule line,
thereby eliminating unnecessary NextKeys and reducing the size of the database.
The Rule Optimizer Compiler now eliminates duplicate rule lines by optimizing rules with similar UID masks into appropriately marked rules.
New Features For ETF/A Version 1.5.0 And Previous Versions
Powerful Global Rule Alteration and Modeling
ETF/A provides powerful ISPF panel functions to globally replace, insert, or delete Logonids or UID strings.
These functions operate on all rulesets within a cluster, making global rule changes easy.
Integrated ISPF Rule Compiler Interface Permits One-step Decompile, Edit, and Recompile
Using the ETF/A Rule Compiler Interface means that dataset and resource rules may now be
directly decompiled from the ACF2 VSAM databases into an ISPF Edit session.
Once the modifications are made to the rule by the user,
press PF3 to recompile and store the rule into the active ACF2 database.
Instant ACF2 Database Record Recovery
Using ISPF panels, ACF2 Logonids and rules are individually recovered from the ACF2 backup files or alternate clusters.
No ACF2 shutdown is required. Records are recovered into the ACF2 active clusters immediately.
Reports on Dormant, Unused Rule Lines
ETF/A reports which rule lines within all ACF2 databases contain old, dormant, and unused UID information.
ETF/A scans for rules containing obsolete UID information.
Removal of these “orphan” rules conserves resources, improves administrator efficiency,
and lessens the potential exposures for unauthorized access.
Real-Time Rule Usage Monitoring
The ETF/A Rule Aging Facility constantly monitors all rule usage activity.
Rule lines within rulesets that have never been used in the security process are flagged.
These rule lines can then be removed from the ACF2 databases with ETF/A.
Dynamic Test Facility to Test Rules in Production
The Test Facility permits ACF2 rule changes to be tested in a real-time production environment.
These rules do not impact production, nor do they replace the existing rules,
instead they shadow the existing production rule and record loggings and violations.
Once reports have been reviewed and the test rule is adequate,
it may be migrated into production rules with an ETF/A panel.
ISPF panels provide interactive edit, compile, store, and control functions.
Dual UID Facility Allows Two UIDs per Logonid
The Dual UID Facility permits designated Logonids the capability of two UID strings used for access determination.
This effectively permits a single Logonid record to have dual privileges.
Firecall Facility for Emergency Access
"Firecall"
permits an installation to grant various special emergency privileges to authorized logonids in a controlled fashion. A special “firecall” UID may be implemented, as well as control of NON-CNCL, SECURITY, AUDIT, READALL, and password reset privileges. All usage of this facility is logged. A Firecall report program is also provided.
More Information About ETF/A
IBM's ETF/A Product Page
ETF/A Product Information
ETF/A Version 1.6.1 Product Announcement (PDF)
ETF/A Brochure (PDF)
ETF/A's Firecall Facility
PTFs, Product Support Status, and Compatibility Information
For more information on ETF/A, e-mail our Sales Department at:
sales@ekcinc.com.
|