S 2.285 Determining standards for z/OS system definitions

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

The definition of standards for the z/OS system definitions is one of the prerequisites for functional system management. However, standards also support the implementation of security rules and the monitoring of these rules. In this, the following recommendations should be taken into account:

Agreed z/OS system standards must be documented comprehensibly. The documentation must be available to the administrators.

Regular checks must be performed to ensure that the z/OS standards are followed.

It should be considered to agree upon a standardisation for the following objects:

• account number in Jobs and for USER or STCs
• ACS routines
• allocation rules
• application ID (IMS)
• assembler standards
• user group identifiers
  
  e.g. network administration, development, testing, production, and DB administration
• COBOL compiler options
• command character (console)
• command character (terminal)
• coupling facility names
• files
  
  files to be created should be catalogued
• file names
  
  possibly including distinctive features for system, development, and production. The last qualifier normally defines the file type. Identification of target and DLIB files
• database names
• DFSMS
  
  DATA-CLASS, STORAGE-CLASS, MANGEMENT-CLASS, STORAGE-GROUP, LLQ allocations
• IMS ID
• IMS start procedures
• initiator classes
• ISMF protection definitions
• JES2
  
  job classes-, initiator, parameter
• JOBCAT and STEPCAT should not be used (IBM announced in August 2004 they would be discontinuing the support for JOBCAT and STEPCAT as of z/OS 1.7.)
• job names
  
  possibly including distinctive features for development and production
• catalogue names
• LOGON procedure names
• member names
  
  possibly including distinctive features for development and production
• output classes
• PAGE datasets
• Parmlib member for JESx
• procedure names
• RACF resource classes
• SMF assignment (system management facility)
• SMP/E file names
• SMP/E environments for different subsystems
• SMP/E zone datasets
• SMP/E zone names
• SMS file names
• SSID (subsystem ID)
• avoiding location identifiers
  
  Location identifiers did not actually prove to be advantageous within the framework of reorganisations and application shifts
• STC names (started tasks)
• STEPCAT should not be used
• SVC assignment
• Sysplex ID
• system file names
• system ID (with Sysplex identifier)
• table space names
• TSO-LOGON procedures
• UNIT classes
• USER ID
• USERMODs
• volume names (system volumes, application volumes)

Depending on the subsystems used, database systems, software products, and applications, this list may even be complemented by further objects.

Review questions:

• Have the agreed z/OS standards been documented comprehensibly?
• Is the documentation of the z/OS standards available to the administrators?
• Is compliance with the z/OS standards checked regularly?