Making changes to the CA Top Secret parameter file

Document ID : KB000015741
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

Making changes to the CA Top Secret parameter file.

Question:

Our security administrator wants me to replace the following statement to the CA Top Secret parameter file:

FAC(WYLBUR=SIGN(S),MODE=FAIL,NOSTMSG,LUMSG,NOAUDIT,NORNDPW)

with the following two statements;

FAC(WYLBUR=NAME=ZOSMF)
FAC(ZOSMF=SIGN(M)

To implement this only on our test systems, I'm wondering if I can just add the new statements ahead of the current statement, or if I need to also completely exclude current statement.

Answer:

The CA Top Secret Control statements are read in sequential order.

So, if you have multiple entries for the same control statements, the last one will take effect.

Example:

FAC(ZOSMF=SIGN(M)

FAC(ZOSMF=SIGN(S)


SIGN(S) will be in effect since it was the last one encountered.

Having multiple statements can lead to confusion.

Best practices are to only have one unique control statement per CA Top Secret parameter file.