Steps to complete before leveraging CA Advanced Authentication Mainframe (AAM) or IBM Multi-FactorAuthentication (MFA):
Step 1: Implement CA Top Secret r16 including related toleration PTF RO92675 across all LPARs prior to beginning the implementation.
o For ease of implementation RO92675 should be ACCEPTed via SMP/E prior to moving ahead to step 2. This will allow sites to:
§ Successfully back out RO92696 should that become necessary.
§ Prevent problems should an LPAR unexpectedly be brought into a shared environment.
ALERT: If RO92675 is not ACCEPTed, make sure it is not RESTOREd while backing off any other maintenance.
Step 2: Install PTF RO92696 to bring in support for the AAM and MFA enhancement.
- This enhancement implements the following product changes:
- Internal TSS security record elements in support of AAM and MFA
- TSS command changes to allow MFA user and Control Option administration:
- TSS ADD/REMOVE/PERMIT/REVOKE command updates
- TSS MODIFY MFA Control Option updates
- TSS LIST command output to allow display of user ACID AAM and MFA data
- TSS MODIFY STATUS command output to allow display of AAM and MFA Control Option
- TSS WHOHAS MFACTOR
- TSSCFILE record types:
- 5203 PWFALLBACK=
- 5204 MFACTIVE=
- 5206 TAGS=
- 5207 Tag data continuation
ALERT: Attempting to implement AAM or MFA in a configuration where not all recommended maintenance has been applied can result in an unstable implementation and is highly discouraged.
Step 3: Begin implementation steps for AAM and MFA
- Follow the below links for documentation on implementing either CA Advanced Authentication Mainframe (AAM) or IBM Multi-Factor Authentication(MFA).