Prevent noncompliant administrative commands from privileged users that can change or delete all profiles within their scope. Automatically verify command keywords against your specified policies as soon as a IBM® Resource Access Control Facility (RACF®) command is issued to help prevent user errors, regardless of whether the command is initiated from Time Sharing Option (TSO), Interactive System Productivity Facility (ISPF), a batch job or the operator console.
Retrieves command information quickly
zSecure™ Command Audit Trail stores changes to profiles in the RACF database, so you can easily discover when a change to a profile was made and which administrator issued a particular command. Retrieves information on changes in seconds, saving hours of labor.
Defines and determines different types of verification
Specify policies using RACF profiles to determine the type of verification to be performed and to define actions when a noncompliant command is detected, including prevention of command execution. Generate immediate, near real-time alerts if certain RACF commands are issued, helping to prevent system outages caused when administrators issue incorrect RACF commands. Send messages when commands are changed. Grant users access to specific commands who would not normally have authorization.
Works independently of other solutions in the zSecure suite
Installs as part of the RACF Common Command Exit, a standard RACF application programming interface (API). Eliminates the need to design, code and maintain assembler routines that create time demands. Serves as an important add-on to other third-party RACF tools that lack this vital functionality.
Integrates with common IBM platforms
zSecure™ Command Verifier, part of zSecure Compliance and Administration is accessible with IBM Security QRadar® SIEM, IBM Security Guardium®, RACF and IBM MFA solutions.
Scalable for big data systems
V2.2.1 allows storage above the 2 GB boundary ("the bar") to enable processing of more data. Note that the ability to use more virtual memory can have implications for paging and real storage needs. This also frees up storage below the bar for other programs. With models z196 or higher, 64-bit addressing is activated automatically, though reverting back to 31-bit addressing is optional. You can select the program to run using the SE.0 (SETUP RUN) option.