IBM Resource Access Control Facility
   HOME

TheInfoList



Click Here for Items Related To - IBM Resource Access Control Facility
OR:
IBM Resource Access Control Facility on:   [Wikipedia]   [Google]   [Amazon]


Introduction

RACF, ronounced Rack-Effshort for Resource Access Control Facility, is an IBM software product. It is a security system that provides access control and auditing functionality for the z/OS and z/VM operating systems. RACF was introduced in 1976. Originally called RACF it was renamed to z/OS Security Server (RACF) although most mainframe folks still refer to it as RACF. Its main features are: * Identification and verification of a user via user id and password check (authentication) * Identification, classification and protection of system resources * Maintenance of access rights to the protected resources (authorization) * Controlling the means of access to protected resources * Logging of accesses to a protected system and protected resources (auditing) RACF establishes security
policies Policy is a deliberate system of guidelines to guide decisions and achieve rational outcomes. A policy is a statement of intent and is implemented as a procedure or protocol. Policies are generally adopted by a governance body within an organ ...
rather than just permission records. It can set permissions for file patterns — that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or other object) created at a later time .


Community

There is a long established technical support community for RACF based around a
LISTSERV The term Listserv (styled by the registered trademark licensee, L-Soft International, Inc., as LISTSERV) has been used to refer to electronic mailing list software applications in general, but is more properly applied to a few early instances of ...
operated out of the University of Georgia. The list is called RACF-L which is described as ''RACF Discussion List''. The email address of the listserv is RACF-L@LISTSERV.UGA.EDU and can also be viewed via a webportal at https://listserv.uga.edu/scripts/wa-UGA.exe .


Books

The first text book published (first printing December 2007) aimed at giving security professionals an introduction to the concepts and conventions of how RACF is designed and administered was Mainframe Basics for Security Professionals: Getting Started with RACF by ''Ori Pomerantz'' (Author), ''Barbara Vander Weele'' (Author), ''Mark Nelson'' (Author), ''Tim Hahn'' (Author).


Evolution

RACF has continuously evolved to support such modern security features as digital certificates/
public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilit ...
services, LDAP interfaces, and case sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such as Unix and Linux. The underlying zSeries (now IBM Z) hardware works closely with RACF. For example, digital certificates are protected within tamper-proof cryptographic processors. Major mainframe subsystems, especially Db2, use RACF to provide multi-level security (MLS). Its primary competitors have been ACF2 and TopSecret, both now produced by CA Technologies.Jeffrey Yost, "The Origin and Early History of the Computer Security Software Products Industry," ''IEEE Annals of the History of Computing'' 37 no. 2 (2015): 46-5
doi
/ref>


References


External links




RACF - An Overview
IBM mainframe operating systems Operating system security IBM mainframe technology {{Computer-security-stub