PRODUCT SHEET: CA TOP SECRET FOR z/os CA Top Secret r14 for z/os CA Top Secret for z/os (CA Top Secret) provides iovative ad comprehesive security for your busiess trasactio eviromets icludig z/os, Maiframe Uix ad Liux eablig your busiess to fully realize the reliability, scalability ad cost effectiveess of the maiframe. I cojuctio with CA Distributed Security solutios, CA Top Secret helps secure your etire eterprise. Busiess Value Product Overview Delivery Approach To stay competitive i today s chagig busiess ladscape, orgaizatios must stregthe security, streamlie admiistratio ad take a proactive stace o data security. CA Top Secret helps orgaizatios meet these challeges ad provides ehaced auditig capabilities that let you efficietly maage user idetities ad access to assets, as well as proactively moitor ad report o accesses. These capabilities let orgaizatios eforce busiess policies, comply with regulatios ad achieve ed-toed security maagemet. CA Top Secret provides the flexibility ad cotrol you eed to moitor ad adjust your security policies ad meet ever-expadig regulatory, policy ad idustry requiremets. Furthermore, CA Top Secret s extesive admiistrative, reportig, moitorig ad loggig capabilities help you secure your maiframe eviromet ad your ow peace of mid. CA Services provides a portfolio of maiframe services delivered through CA iteral staff ad a etwork of established parters chose to help you achieve a successful deploymet ad get the desired busiess results as quickly as possible. We desiged our stadard service offerigs to accelerate deploymet ad the learig curve for your staff. CA s field-prove maiframe best practices ad traiig help you lower risk, improve use/ adoptio ad ultimately alig the product cofiguratio to your busiess requiremets.
Features Maiframe 2.0 CA Top Secret has adopted key Maiframe 2.0 features desiged to simplify your use of CA Top Secret ad eable your staff to istall, cofigure ad maitai it more effectively ad quickly. CA Maiframe Software Maager: The CA Maiframe Software Maager automates CA Top Secret istallatio ad maiteace ad removes SMP/E complexities. > The Software Acquisitio Service eables you to easily move product istallatio packages ad maiteace from CA Support Olie directly to your maiframe eviromet ad prepare them for istallatio. > The Software Istallatio Service stadardizes CA Top Secret istallatio, which icludes a ew, streamlied Electroic Software Delivery (ESD) method that allows CA Top Secret to be istalled usig stadard utilities. This service also provides stadardized SMP/E product istallatio ad maiteace via APARs ad PTFs, ad simplifies SMP/E processig through a ituitive graphical user iterface ad a itelliget Istallatio Wizard. > The Software Deploymet Service eables you to easily deploy CA Top Secret i your maiframe eviromet. > CA MSM Cosolidated Software Ivetory (CSI) updates ad ifrastructure improvemets add flexibility to CA MSM processig of CSIs ad eable CA MSM to more effectively utilize CPU ad system memory. Istallatio Verificatio Program (IVP) ad Executio Verificatio Program (EVP): As part of qualificatio for iclusio i the set of CA maiframe products released every May, CA Top Secret has passed striget tests performed through the IVP ad EVP to fid ad resolve iteroperability problems prior to release. These programs are a extesio of CA s ogoig iteroperability certificatio iitiative lauched i May 2009. Best Practices Guide: This guide provides iformatio o CA Top Secret istallatio, iitial cofiguratio ad deploymet to shorte the learig curve for staff resposible for the istallatio ad maagemet of this product. Health Checker: The Maiframe 2.0 Health Checker provides CA Top Secret Health Checks that execute uder the IBM Health Checker for z/os. > The CA Top Secret Health Checker is a valuable tool to idetify potetial problems before they impact your availability or cause system outages. It checks the curret active CA Top Secret settigs ad defiitios for a system ad compares the values to those suggested by CA or defied by you. What s New i CA Top Secret r14 for z/os AES Ecryptio (Password ad Password Phrase): Provides improved security cotrols for password ad password phrases to support FIPS-approved AES128 for stroger ecryptio. CATADELPROT Cotrol Optio: Delivers further protectio from accidetal data loss. This optio prevets users with alter access to the master catalog from deletig SMS-maaged data sets for which they do ot have delete privileges. Data Classificatio: Itroduces a ew data record that helps determie what data (files, data sets ad resources) pertai to which regulatio. Exit Ehacemets: Ehaces the istallatio exit retur code resposes to provide cosistecy across exit poits. Kerberos Support for Password Phrase: Supports geeratig Kerberos keys for Kerberos users durig password phrase updates at sig-o ad TSS commad admiistratio. LDS Ehacemets: Supports LDAP fuctios that require attribute values to be surrouded by sigle or double quotatio marks. This ehacemet improves the ability to sychroize such data as user passwords to directories, providig a cetralized password repository i a itegrated etwork eviromet.
PDS/E Support: Itegrates member-level protectio for partitioed data sets (PDS) ad partitioed data set exteded (PDS/E) libraries. Certificate Ehacemets: Certificate processig has bee modified to move the iteral certificate table from CSA to 64-bit storage whe more tha 50 certificates are detected. Compliace Iformatio Aalysis (CIA) Report Ehacemets: Added i CA Top Secret r12 ad ehaced i CA Top Secret r14, this feature improves report readability ad audit requiremets. TSO Logo with a Password Phrase: I support of the IBM chages, the ability to logo to TSO usig a password phrase is supported i CA Top Secret r14. Various Admiistrative Ehacemets: Chages to ehace the user experiece with CA Top Secret Admiistratio iclude: > Storage maagemet to reduce the possibility of outages > INACTIVE cotrol optio for better ACID maagemet > TSSCFILE performace improvemets > TSSFAR improvemets > TSSUTIL graularity ad process improvemets > TSS MODIFY improvemets Other Key Features Comprehesive Security: CA Top Secret provides comprehesive security for the z/os eviromet, subsystems, OEM software ad databases. Iclusive User Maagemet: Idividual accoutability is the key to effective iformatio security. May govermet regulatios ad corporate policies require separatio of fuctios or duties. CA Top Secret lets you decide what policies are relevat ad implemet those structures to help esure idividual accoutability. Data ad Resource Maagemet: Your data ceter maagers are resposible for esurig the itegrity of all data ad programs stored o their computer systems, ad they uderstad that ay data loss ca potetially traslate ito a fiacial loss. To aid them, CA Top Secret cotrols all access to data sets ad resources ad offers the flexibility to specify permissios at the role level (Profiles) or idividual level. Auditig ad Moitorig: Several laws i may coutries require orgaizatios to establish iteral cotrols pertaiig to computerized data. CA Top Secret icludes a variety of reportig ad auditig fuctios that provide the iformatio ad capabilities you eed to moitor access ad produce audit reports. Separatio of Admiistrative Fuctios: While the implemetatio of security is very importat, so too is the resposibility for security admiistratio. Restrictig who ca grat access ad defie your users is the corerstoe for effective security. CA Top Secret provides separatio of security admiistratio fuctios ad duties ad a additioal maagemet cotrol that safeguards your systems. Admiistratio Diversity: Without proper admiistratio, there ca be o guaratee that your security is structured correctly. To help meet your busiess requiremets ad ease the admiistratio process, CA Top Secret icludes flexible ad powerful admiistratio tools provided out of the box. Security Iformatio Sharig: To reduce security admiistratio, huma error ad costs, security iformatio must be shared across a etworked eviromet. CA Top Secret works with other solutios to provide comprehesive iformatio security across your etwork, icludig: > CA LDAP Server: This compoet provides a sigle iterface for applicatios to request security services, icludig addig, updatig ad retrievig security related iformatio. You ca leverage the existig iformatio stored i CA Top Secret to achieve maiframe-stregth user autheticatio ad authorizatios for applicatios throughout the eterprise.
CA WEB ADMINISTRATOR FOR TOP SECRET Figure A: ACID ad Access Right tabs i CA Top Secret usig CA Web Admiistrator.
> LDAP Directory Services (LDS): LDS provides flexible itegratio with existig schema defiitios, elimiatig the eed for specialized iterfaces to make security data accessible. > CA Distributed Security Itegratio (CA DSI): CA DSI allows applicatios o a Widows platform to issue calls to CA Top Secret for user autheticatio ad authorizatio. > Liux o System z Support: CA Pluggable Autheticatio Module (CA PAM) is a ope source architecture that allows CA Top Secret to act as a autheticatio server for oe or more maiframe Liux systems elimiatig the eed for redudat security admiistratio to defie users o a systemby-system basis. CA PAM is supported o both z/os ad z/vm. > IBM Policy Director (PDAS): CA Top Secret uses the commo SAF iterface to support customers usage of IBM Policy Director. > CA Web Admiistrator for Top Secret: This product provides a distributed browser-based GUI iterface to help with admiistratio i real time agaist live CA Top Secret data. Beefits CA Top Secret delivers access cotrol software for z/os operatig systems ad icludes iterfaces for CICS, z/os Uix ad IMS (ad a optioal add-o for DB2). Basic ad advaced CA Top Secret mechaisms provide the flexibility ad cotrol that you eed to moitor ad adjust your security policies ad accommodate virtually all orgaizatioal structures. Admiistrative tools, extesive reportig optios, olie moitorig ad automatic loggig capabilities accompay CA Top Secret to secure your eviromet while eablig comprehesive auditig ad cotrolled sharig of data ad resources. Why CA A key compoet of CA s Maiframe 2.0 iitiative, CA Top Secret is just oe of may CA products ad solutios that ca help you uify ad simplify the maagemet of complex computig eviromets across the etire eterprise. Whe combied with CA s distributed security solutios, CA Top Secret provides cotiuous cotrols ad ed-to-ed security to help you meet your busiess ad compliace requiremets. Copyright 2010 CA. All rights reserved. IBM, z/os, z/vse, SMP/E, zseries, AIX, IMS, CICS, Parallel Sysplex, DB2, ad WebSphere are trademarks of Iteratioal Busiess Machies Corporatio i the Uited States, other coutries, or both. All trademarks, trade ames, service marks ad logos refereced herei belog to their respective compaies. This documet is for your iformatioal purposes oly. CA assumes o resposibility for the accuracy or completeess of the iformatio. To the extet permitted by applicable law, CA provides this documet as is without warraty of ay kid, icludig, without limitatio, ay implied warraties of merchatability, fitess for a particular purpose, or oifrigemet. I o evet will CA be liable for ay loss or damage, direct or idirect, from the use of this documet, icludig, without limitatio, lost profits, busiess iterruptio, goodwill or lost data, eve if CA is expressly advised i advace of the possibility of such damages. 1840_0310