
Access Control Facility (ACF2)

Revision as of 15:46, 17 February 2021 by User

Access Control Facility or ACF2 (more formally, CA-ACF2) is a set of programs from Computer Associates that enable security on mainframes. ACF2 prevents accidental or deliberate modification, corruption, mutilation, deletion, or viral infection of files. With ACF2, access to a system is denied to unauthorized personnel. Any authorized or unauthorized attempt to gain access is logged. System status can be monitored on a continuous basis, and a permanent usage log can be created. The logging feature, besides helping to identify potential intruders, makes it possible to identify and analyze changes and trends in the use of the system. Settings can be changed on a moment's notice, according to current or anticipated changes in the security or business requirements of the organization using the system.[1]

ACF2 (Access Control Facility 2) is a commercial, discretionary access control software security system developed for the MVS (z/OS today), VSE (z/VSE today) and VM (z/VM today) IBM mainframe operating systems by SKK, Inc. Barry Schrager, Eberhard Klemens, and Scott Krueger combined to develop ACF2 at London Life Insurance in London, Ontario in 1978. The "2" was added to the ACF2 name by Cambridge Systems (who had the North American marketing rights for the product) to differentiate it from the prototype, which was developed by Schrager and Klemens at the University of Illinois—the prototype name was ACF. The "2" also helped to distinguish the product from IBM's ACF/VTAM. ACF2 was developed in response to IBM's RACF product (developed in 1976), which was IBM's answer to the 1974 SHARE Security and Data Management project's requirement whitepaper. ACF2's design was guided by these requirements, taking a resource-rule oriented approach. Unique to ACF2 were the concepts of "Protection by Default" and resource pattern masking. As a result of the competitive tension between RACF and ACF2, IBM matured the SAF (Security Access Facility) interface in MVS (now z/OS), which allowed any security product to process operating system ("OS"), third-party software and application security calls, enabling the mainframe to secure all facets of mainframe operations. SKK and ACF2 were sold to UCCEL Corporation in 1986, which in turn was purchased by Computer Associates International, Inc. in 1987. Broadcom Inc. now (2019) markets ACF2 as CA ACF2.[2]

ACF2 has five different operation modes:[3]

  • Quiet Mode - Only data set rules are disabled.
  • Rule Mode - Individual access rules are defined.
  • Log Mode - Access is permitted but still logged.
  • Abort Mode - This is the default mode where ACF2 bars access, logs, and issues messages.
  • Warn Mode - Access is allowed but issues warnings.


References

  1. Definition - What is Access Control Facility (ACF2)?, TechTarget
  2. Explaining ACF2, Wikipedia
  3. What are the operation modes of ACF2?, Techopedia