PSF for z/OS: Security Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Trusted Software

PSF for z/OS: Security Guide
S550-0434-03

Trusted Software

Trusted software is the software portion of the trusted computing base. It includes:

Access control software
Access control is regulated by RACF®, which:
  • Authorizes user sessions based on user ID.
  • Authorizes resource access.
  • Ensures that only users identified to RACF can access the processor or resources.
For more information about how to protect processing with RACF, see z/OS Security Server RACF Security Administrator’s Guide.
Trusted spooling software
In a trusted computing base, spool files are protected through RACF and your spooling software. For example, in z/OS®, the Job Entry Subsystem (JES) spool is protected by activating the RACF JESSPOOL security class and by defining RACF profiles. For information about defining PSF-related RACF profiles, see Using RACF with PSF for z/OS.
Trusted printer-driver software
In a trusted computing base, secure printed output is controlled through PSF (the printer-driver software) and RACF. Output from a trusted printer has identification labels printed on each page.
Trusted communications software
In a trusted computing base, communications software is used to connect input and output devices to the main processor. For example, Communications Server: IP Services can be used to connect end-user terminals to the main processor so users communicate with one another.

In a trusted computing base, communication through networking software is controlled through RACF, and communication between users can be restricted or prohibited based on defined security clearances. See your networking software documentation for more information about controlling network access with RACF and for defining security clearances for end-user terminals.

Trusted resources
In a trusted computing base, some resources are defined as security resources and are managed differently from other resources. For example, fonts, overlays, and page segments that are used to print identification labels are stored in secure libraries, and only the printer driver can access these resources for printing.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014