S 4.214 Administration of data media under z/OS systems

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

In order to guarantee the protection of hard disks and tapes in z/OS systems, the following recommendations must be taken into consideration.

Hard disks

• The hard disks must be protected using corresponding RACF profiles (Resource Access Control Facility) and RACF classes. In RACF, a profile for the protection of the VTOC (Volume Table of Content) of the hard disk must be created. Working with generic profiles - e.g. VTOC.** - is possible and should be considered.
• The master catalogue must be protected by an RACF profile; employees must be authorised using READ. Write access must only be granted to those employees actually requiring this access within the framework of their work (e.g. when creating an ALIAS).
• In order to administer and maintain the overview of the hard disks in the hard disk cabinets, a disk assignment plan is required. This disk assignment plan must contain the following information as a minimum:
  • Address of the hard disk
  • Name of the hard disk
  • Name of the SMS hard disk pool to which the hard disk belongs (if SMS)
  • Name of the disk cabinet in which the hard disk was generated.
  
  This must be documented in writing.
• The programs for administering the hard disks (e.g. initialisation, copying of data, etc.) must be protected. The programs must only be executable for employees requiring this authorisation for their work. The use of the OPERATIONS attribute by programs should be avoided; more detailed information about this attribute can be found in S 2.289 Use of restrictive z/OS IDs, should this attribute be required nevertheless.
• The administration function of the ISMF (Interactive Storage Management Facility) must be protected using RACF profiles. Only authorised users must use these functionalities.
• z/OS commands that can be used to insert and/or remove hard disks and tapes into and/or from the system must be protected using corresponding RACF profiles. They must only be executed by authorised users (see also S 4.210 Secure operation of the z/OS operating system).
• The ACS routines (Automatic Class Selection) of the SMS (System Managed Storage) must be protected and may only be adapted by authorised users. Backup copies of the ACS files should be available that can be installed in case of an emergency.

Magnetic tapes

• The protection of magnetic tapes must be guaranteed using corresponding RACF profiles and RACF classes.
• When using administration programs for magnetic tapes, the particularities of these programs must be taken into account regarding the protection of magnetic tapes (e.g. use of TAPEVOL and TAPEDSN classes).
• By means of corresponding provisions and regulations, it must be ensured that sufficient tape stations are available and that these are not blocked by assignment for unnecessarily long periods of time.
• In order to guarantee the protection of the data on magnetic tapes, the Bypass Label Processing function must be disabled in z/OS systems. For this, the General Resource class FACILITY must be complemented by a profile called ICHBLP. This profile must be protected using UACC=NONE. Access to this function must only be granted temporarily in reasonable exceptional cases.

HSM (Hierarchical Storage Manager)

• The HSM is configured in a member (ARCCMDxx). Here, the IDs of the administrators must be entered for the HSM. The file containing this member must be protected by a corresponding RACF profile so that only the competent employees may gain access.
• The files on migration level 2 are located on magnetic tapes. These tapes must be protected and must only be edited by HSM.
• The time at which the backups are performed by the HSM must be considered in order to avoid any disturbances of the production by ENQUEUES and RESERVES. Furthermore, it must be specified which disks are to be backed up and how disk backup is to be performed (Full Volume or Incremental backup).

Review questions:

• Are the hard disks and magnetic tapes of the z/OS system protected by corresponding RACF profiles and RACF classes?
• Is the master catalogue of the z/OS system protected by an RACF profile?
• Is there a disk assignment plan for the z/OS system?
• Are commands and/or programs for managing hard disks and tapes of the z/OS system protected so that the programs may only be executed by employees requiring these authorisations for their work?
• Are the administration functions of the ISMF in the z/OS system protected using RACF profiles so that only authorised users may use this functionality?
• Are the ACS routines of the SMS in the z/OS system protected in such a way that they may only be adapted by authorised users?
• Are there backup copies of the ACS files in the z/OS system?
• Is the file containing the member for configuring the HSM in z/OS protected by a corresponding RACF profile so that it may only be accessed by competent employees?