Security controls
- A logical partition's initial security settings are set in the image profile used to activate it. Afterward, the Change Logical Partition Security task can be used to view or change the settings. Changes must be saved in the profile in order to be available for subsequent activations. Security settings are saved by the system across activations for the current configuration. Therefore, if the same configuration is used, the security settings need not be re-entered (but they should be checked).
- The following Logical Partition Security Controls settings are required for a secure mode of operation:
- ISOLATION should be enabled. This option binds the partition's allocated I/O configuration to it, even when a Channel Path (CHPID) is in an offline state. An overt, auditable operator action is required to unbind an item of the I/O configuration and move it to another partition.
- I/O CONFIGURATION CONTROL should be disabled for every partition. By negating this option, the partitions are prevented from accessing (reading or writing) the existing IOCDS data sets, or from dynamically altering the current I/O configuration. IOCDSs can be a means to surreptitiously pass data between partitions. In addition, dynamic alteration of the current I/O configuration can result in a partition having access to data that it is not authorized to access. Dynamic I/O Configuration is supported by the Hardware Configuration Definition (HCD) product for the z/OS® or z/VM® operating system.
Note: I/O Configuration Control should be enabled for a single, specific logical partition only during the short period of time when it is permitted to write a new IOCDS. Only the IOCDS to be written should have its write-protection temporarily reset. All other IOCDSs should remain write-protected during an IOCDS update operation. The Security Administrator should remain logged onto the console until the IOCDS update is complete and the IOCDS update authority has been disabled again.
Note: Neither the Isolation nor the I/O Configuration Control option has any effect on the sharing of CHPIDs or I/O devices. Sharing is enabled by parameters of the CHPID statement used in the definition of the IOCDS.
- GLOBAL PERFORMANCE DATA AUTHORITY should be disabled for every partition. This recommendation is based on a desire to block any possibility of a partition extracting meaning from another partition's performance data.
- CROSS-PARTITION CONTROL should be disabled for every partition. Enabling cross-partition control permits one partition to disrupt processing in other partitions, resulting in the threat of denial of service to those partitions' users. When cross-partition control is disabled, the Automatic Reconfiguration Facility (ARF) is disabled. ARF uses the cross-partition control capability of PR/SM. ARF is not generally appropriate in a tightly managed, secure system.
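As an added example that is not part of IBM's documentation or tooling: a small Python check, run over constructed sample profile data, that audits each partition against the four settings above and tolerates I/O Configuration Control only on a single partition that is actively writing an IOCDS. The dictionary keys and the `iocds_update_in_progress` flag are assumptions for this example, not HMC property names.

```python
# Added example (not IBM's code): audit logical-partition security settings
# against the secure-mode requirements: Isolation on, I/O Configuration
# Control off, Global Performance Data Authority off, Cross-Partition
# Control off. Input is constructed sample data, not read from a real HMC.

REQUIRED = {
    "isolation": True,
    "io_configuration_control": False,
    "global_performance_data_authority": False,
    "cross_partition_control": False,
}

# Constructed sample: LP02 is mid-IOCDS-update (assumed flag
# "iocds_update_in_progress"); LP03 has three unsafe settings.
SAMPLE = {
    "LP01": {"isolation": True, "io_configuration_control": False,
             "global_performance_data_authority": False,
             "cross_partition_control": False},
    "LP02": {"isolation": True, "io_configuration_control": True,
             "global_performance_data_authority": False,
             "cross_partition_control": False,
             "iocds_update_in_progress": True},
    "LP03": {"isolation": False, "io_configuration_control": False,
             "global_performance_data_authority": True,
             "cross_partition_control": True},
}


def audit(partitions):
    """Return a sorted list of (partition, finding); an empty list is compliant."""
    findings = []
    iocc_enabled = []
    for name, cfg in sorted(partitions.items()):
        for key, required in REQUIRED.items():
            actual = cfg.get(key)
            if actual is None:
                findings.append((name, f"{key}: setting missing from profile"))
            elif actual != required:
                if key == "io_configuration_control":
                    iocc_enabled.append(name)  # one temporary exception allowed
                else:
                    findings.append((name, f"{key}: is {actual}, must be {required}"))
    # I/O Configuration Control may be enabled on one partition at most,
    # and only while that partition is writing an IOCDS.
    for name in iocc_enabled:
        if not partitions[name].get("iocds_update_in_progress", False):
            findings.append((name, "io_configuration_control: enabled outside an IOCDS update"))
    if len(iocc_enabled) > 1:
        findings.append(("*", f"io_configuration_control enabled on {len(iocc_enabled)} partitions; at most one permitted"))
    return sorted(findings)
```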