ICSF security requirements for CA XCOM for z/OS

Document ID : KB000008564
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

Can you please advise what ICSF services are used by CA XCOM?

Specifically, I am looking into implementing ICSF security and need to know what resources in resource class "CSFSERV" need to be permitted to -

1) The accessor ID associated with the CA XCOM address space ; and

2) Any accessor ID initiating a CA XCOM file transfer request.

Environment:
XCOM r12.0 z/OS 2.1
Resolution:

CA XCOM Data Transport will make use of ICSF when performing SSL transfers only.

You will definitely need to provide/permit/define access to the "CSFSERV" resource class to the following:

1) The accessor ID associated with the CA XCOM address space ; and

2) Any accessor ID initiating a CA XCOM file transfer request

When IBM System SSL is configured for SSL transfers, you will need to determine what ciphers you will be using and based on that you will reference/follow the IBM documentation to determine which of the ICSF resources defined will need to be permitted for the XCOM ID's

If using OpenSSL, CA XCOM uses the ICSF CSNBSYE/CSNBSYD encryption functions.

 

 

 

 

 

Additional Information:

Please note that IBM System SSL must be implemented/configured to be used with XCOM r12.0.