Difference between revisions of "Access Control Facility (ACF2)"
(Created page with "'''Content Coming Soon'''") |
|||
| Line 1: | Line 1: | ||
| − | ''' | + | '''Access Control Facility''' or '''ACF2''' (more formally, '''CA-ACF2''') is a set of programs from Computer Associates that enable [security on [[Mainframe|mainframes]]. ACF2 prevents accidental or deliberate modification, corruption, mutilation, deletion, or viral infection of files. With ACF2, access to a system is denied to unauthorized personnel. Any authorized or unauthorized attempt to gain access is logged. System status can be monitored on a continuous basis, and a permanent usage log can be created. The logging feature, besides helping to identify potential intruders, makes it possible to identify and analyze changes and trends in the use of the system. Settings can be changed on a moment's notice, according to current or anticipated changes in the security or business requirements of the organization using the system.<ref>definition - What is Access Control Facility (ACF2)? [https://searchdatacenter.techtarget.com/definition/ACF2 Techtarget]</ref> |
| + | |||
| + | ACF2 (Access Control Facility 2) is a commercial, discretionary access control [[Software|software]] security system developed for the MVS (z/OS today), VSE (z/VSE today) and VM (z/VM today) IBM mainframe [[Operating System (OS)|operating systems]] by SKK, Inc. Barry Schrager, Eberhard Klemens, and Scott Krueger combined to develop ACF2 at London Life Insurance in London, Ontario in 1978. The "2" was added to the ACF2 name by Cambridge Systems (who had the North American marketing rights for the product) to differentiate it from the prototype, which was developed by Schrager and Klemens at the University of Illinois—the prototype name was ACF. The "2" also helped to distinguish the product from IBM's ACF/VTAM. ACF2 was developed in response to IBM's [[Resource Access Control Facility (RACF)|RACF]] product (developed in 1976), which was IBM's answer to the 1974 SHARE Security and [[Data Management]] project's requirement whitepaper. ACF2's design was guided by these requirements, taking a resource-rule oriented approach. Unique to ACF2 were the concepts of "Protection by Default" and resource pattern masking. As a result of the competitive tension between RACF and ACF2, IBM matured the SAF (Security Access Facility) interface in MVS (now z/OS), which allowed any security product to process operating system ("OS"), third-party software and [[Application|application]] security calls, enabling the mainframe to secure all facets of mainframe operations. SKK and ACF2 were sold to UCCEL Corporation in 1986, which in turn was purchased by Computer Associates International, Inc. in 1987. Broadcom Inc. now (2019) markets ACF2 as CA ACF2.<ref>Explaining ACF2 [https://en.wikipedia.org/wiki/ACF2 Wikipedia]</ref> | ||
| + | |||
| + | '''ACF2 has five different operation modes''':<ref>What are the operation modes of ACF2? [https://www.techopedia.com/definition/16057/access-control-facility-acf2 techopedia]</ref><br /> | ||
| + | *Quiet Mode - Only data set rules are disabled. | ||
| + | *Rule Mode - Individual access rules are defined. | ||
| + | *Log Mode - Access is permitted but still logged. | ||
| + | *Abort Mode - This is the default mode where ACF2 bars access, logs, and issues messages. | ||
| + | *Warn Mode - Access is allowed but issues warnings. | ||
| + | |||
| + | |||
| + | ===References=== | ||
| + | <references/> | ||
Revision as of 15:46, 17 February 2021
Access Control Facility or ACF2 (more formally, CA-ACF2) is a set of programs from Computer Associates that enable [security on mainframes. ACF2 prevents accidental or deliberate modification, corruption, mutilation, deletion, or viral infection of files. With ACF2, access to a system is denied to unauthorized personnel. Any authorized or unauthorized attempt to gain access is logged. System status can be monitored on a continuous basis, and a permanent usage log can be created. The logging feature, besides helping to identify potential intruders, makes it possible to identify and analyze changes and trends in the use of the system. Settings can be changed on a moment's notice, according to current or anticipated changes in the security or business requirements of the organization using the system.[1]
ACF2 (Access Control Facility 2) is a commercial, discretionary access control software security system developed for the MVS (z/OS today), VSE (z/VSE today) and VM (z/VM today) IBM mainframe operating systems by SKK, Inc. Barry Schrager, Eberhard Klemens, and Scott Krueger combined to develop ACF2 at London Life Insurance in London, Ontario in 1978. The "2" was added to the ACF2 name by Cambridge Systems (who had the North American marketing rights for the product) to differentiate it from the prototype, which was developed by Schrager and Klemens at the University of Illinois—the prototype name was ACF. The "2" also helped to distinguish the product from IBM's ACF/VTAM. ACF2 was developed in response to IBM's RACF product (developed in 1976), which was IBM's answer to the 1974 SHARE Security and Data Management project's requirement whitepaper. ACF2's design was guided by these requirements, taking a resource-rule oriented approach. Unique to ACF2 were the concepts of "Protection by Default" and resource pattern masking. As a result of the competitive tension between RACF and ACF2, IBM matured the SAF (Security Access Facility) interface in MVS (now z/OS), which allowed any security product to process operating system ("OS"), third-party software and application security calls, enabling the mainframe to secure all facets of mainframe operations. SKK and ACF2 were sold to UCCEL Corporation in 1986, which in turn was purchased by Computer Associates International, Inc. in 1987. Broadcom Inc. now (2019) markets ACF2 as CA ACF2.[2]
ACF2 has five different operation modes:[3]
- Quiet Mode - Only data set rules are disabled.
- Rule Mode - Individual access rules are defined.
- Log Mode - Access is permitted but still logged.
- Abort Mode - This is the default mode where ACF2 bars access, logs, and issues messages.
- Warn Mode - Access is allowed but issues warnings.
References
- ↑ definition - What is Access Control Facility (ACF2)? Techtarget
- ↑ Explaining ACF2 Wikipedia
- ↑ What are the operation modes of ACF2? techopedia