To enable future support for IBM Multi-Factor Authentication (MFA) for z/OS, some basic enhancements have been provided in IBM Security zSecure suite Versions 2.2.0, 2.1.1, and 2.1.0.
MFA support is intended to simplify administration by helping to enforce authentication policy, providing alert notifications, and reporting on authentication audit events and compliance. IBM Security zSecure capabilities help prevent privileged user threats, simplify administration, automate auditing, and reduce operational risk.
The current basic enhancements for MFA have resulted in several documentation updates for the following zSecure publications:
- IBM Security zSecure Admin and Audit for RACF User Reference Manual
- IBM Security zSecure CARLa Command Reference
- IBM Security zSecure Command Verifier User Guide
- IBM Security zSecure Messages Guide
See the attached PDF file for the documentation updates:
Note: Referenced topics that have not changed are not included in this document. You can find them in the publication that the chapter applies to.
Using zSecure RACF-Offline, you can issue RACF commands against an offline or inactive RACF database. With the introduction of IBM Multi-Factor Authentication for z/OS (MFA) services, several RACF commands interact with the MFA server. Based on the information provided by these RACF commands, the MFA server might update information that is related to the affected user. When issuing RACF commands in the offline environment, such interaction is undesirable and might lead to consistency errors. For this reason, the following functions are currently not supported in the RACF-Offline environment:
- Adding, removing, or changing MFA information in a USER profile.
- Deleting users that have MFA information.
MFA-related updates for QRadar SIEM
The MFA-related SMF records for QRadar SIEM did not result in zSecure documentation updates.
The following fields pertaining to SMF Type 80 records were made available to QRadar:
|authenticator||Specifies the authentication method that was used for a successful authentication.|
|compCode||Specifies the job or step completion code of an authentication request.|
The following aids are available to assist in planning for and applying all relevant maintenance at once:
- A technote from the RACF team about support for multi-factor authentication in conjunction with the new IBM Multi-factor Authentication for z/OS product.
- If you have RACF-Offline and you install the RACF PTF for MFA, then the RACF-Offline PTF for MFA will automatically be installed as well, because the RACF PTFs provide ++ VER statements in the version control program System Modification Program Extended (SMP/E) specifications.
- To pick up additonal recommended maintenance, it is good practice to regularly run REPORT MISSINGFIX for the following category that has been defined: IBM.Function.Multi-FactorAuthentication (MFA/K).
16 June 2018