zERT information service access control

The z/OS® encryption readiness technology (zERT) information service allows network management applications to obtain information about the cryptographic protection state of TCP and Enterprise Extender connections. Access to this information can be controlled by an external security manager product, such as RACF®, by defining the SERVAUTH profile name EZB.NETMGMT.sysname.tcpname.SYSTCPER.

Access to the zERT information is allowed if the user ID associated with the network management application is permitted (read access) to this resource profile. In addition, to use this service, the ZERTService parameter must be specified on the NETMONITOR statement in the TCP/IP profile data set. For details, see z/OS Communications Server: IP Configuration Reference.

If the resource profile is not defined, the service allows access to the zERT information only to superusers, or those permitted to become superusers (that is, those with read access to BPX.SUPERUSER).