Need to secure HSM with CA Top Secret. HSM documentation only provides RACF examples. See Below:
RDEFINE FACILITY STGADMIN.ARC.ENDUSER.* UACC(READ)
RDEFINE FACILITY STGADMIN.ARC.* UACC(NONE)
PERMIT STGADMIN.ARC.* CLASS(FACILITY) ID(userid) ACCESS(READ)
SETR GLOBAL(FACILITY) REFRESH
SETR GENERIC(FACILITY) REFRESH
SETR RACLIST(FACILITY) REFRESH
The RACF commands assumes that the HSM started task acid has been created. It has not been previously created, please use the following example commands to create it.
TSS CREATE(archive) NAME('HSM REG ACID') TYPE(USER) DEPARTMENT(dept)
PASSWORD(NOPW,0) FACILITY(STC) MASTFAC(HSM) NODSNCHK NORESCHK NOVOLCHK
TSS ADDTO(STC) PROCNAME(hsm) ACID(archive)
The RACF commands converted to CA Top Secret commands are:
TSS ADD(dept) IBMFAC(STGADMIN)
TSS PER(ALL) IBMFAC(STGADMIN.ARC.ENDUSER.) ACC(READ)
TSS PER(userid) IBMFAC(STGADMIN.ARC.) ACC(READ)
Please refer to "Chapter 5: Non-CA Products" in the CA Top Secret Implementation:Others Guide for additional information on securing HSM.
Please refer to "Appendix B: RACF to CA Top Secret Translation" in the CA Top Secret Cookbook for details on translating RACF commands to CA Top Secret.