CA Top Secret r14 for z/OS

PRODUCT SHEET: CA TOP SECRET FOR z/OS
CA Top Secret® r14 for z/OS
CA Top Secret for z/OS (CA Top Secret) provides innovative and comprehensive security
for your business transaction environments—including z/OS, Mainframe Unix and Linux—
enabling your business to fully realize the reliability, scalability and cost effectiveness of
the mainframe. In conjunction with CA Distributed Security solutions, CA Top Secret
helps secure your entire enterprise.
Business Value
To stay competitive in today’s changing business landscape, organizations must strengthen security,
streamline administration and take a proactive stance on data security. CA Top Secret helps
organizations meet these challenges and provides enhanced auditing capabilities that let you
efficiently manage user identities and access to assets, as well as proactively monitor and report
on accesses. These capabilities let organizations enforce business policies, comply with
regulations and achieve end-to-end security management.
Product Overview
CA Top Secret provides the flexibility and control you need to monitor and adjust your security
policies and meet ever-expanding regulatory, policy and industry requirements. Furthermore,
CA Top Secret’s extensive administrative, reporting, monitoring and logging capabilities help you
secure your mainframe environment—and your own peace of mind.
Delivery Approach
CA Services provides a portfolio of mainframe services delivered through CA internal staff and a
network of established partners chosen to help you achieve a successful deployment and get the
desired business results as quickly as possible. We designed our standard service offerings to
accelerate deployment and the learning curve for your staff. CA’s field-proven mainframe best
practices and training help you lower risk, improve use/adoption and ultimately align the product
configuration to your business requirements.
Features
Mainframe 2.0
CA Top Secret has adopted key Mainframe 2.0 features designed to simplify your use of CA Top Secret and
enable your staff to install, configure and maintain it more effectively and quickly.
- CA Mainframe Software Manager: The CA Mainframe Software Manager automates CA Top Secret
installation and maintenance and removes SMP/E complexities.
> The Software Acquisition Service enables you to easily move product installation packages and maintenance
from CA Support Online directly to your mainframe environment and prepare them for installation.
> The Software Installation Service standardizes CA Top Secret installation, which includes a new,
streamlined Electronic Software Delivery (ESD) method that allows CA Top Secret to be installed using
standard utilities. This service also provides standardized SMP/E product installation and maintenance
via APARs and PTFs, and simplifies SMP/E processing through an intuitive graphical user interface and an
intelligent Installation Wizard.
> The Software Deployment Service enables you to easily deploy CA Top Secret in your mainframe
environment.
> CA MSM Consolidated Software Inventory (CSI) updates and infrastructure improvements add flexibility
to CA MSM processing of CSIs and enable CA MSM to more effectively utilize CPU and system memory.
- Installation Verification Program (IVP) and Execution Verification Program (EVP): As part of qualification for
inclusion in the set of CA mainframe products released every May, CA Top Secret has passed stringent tests
performed through the IVP and EVP to find and resolve interoperability problems prior to release. These
programs are an extension of CA’s ongoing interoperability certification initiative launched in May 2009.
- Best Practices Guide: This guide provides information on CA Top Secret installation, initial configuration
and deployment to shorten the learning curve for staff responsible for the installation and management of
this product.
- Health Checker: The Mainframe 2.0 Health Checker provides CA Top Secret Health Checks that execute under
the IBM Health Checker for z/OS.
> The CA Top Secret Health Checker is a valuable tool to identify potential problems before they impact
your availability or cause system outages. It checks the current active CA Top Secret settings and
definitions for a system and compares the values to those suggested by CA or defined by you.
What’s New in CA Top Secret r14 for z/OS
- AES Encryption (Password and Password Phrase): Provides improved security controls for password and
password phrases to support FIPS-approved AES128 for stronger encryption.
- CATADELPROT Control Option: Delivers further protection from accidental data loss. This option prevents
users with alter access to the master catalog from deleting SMS-managed data sets for which they do not
have delete privileges.
- Data Classification: Introduces a new data record that helps determine what data (files, data sets and
resources) pertain to which regulation.
- Exit Enhancements: Enhances the installation exit return code responses to provide consistency across exit points.
- Kerberos Support for Password Phrase: Supports generating Kerberos keys for Kerberos users during password
phrase updates at sign-on and TSS command administration.
- LDS Enhancements: Supports LDAP functions that require attribute values to be surrounded by single or
double quotation marks. This enhancement improves the ability to synchronize such data as user passwords
to directories, providing a centralized password repository in an integrated network environment.
- PDS/E Support: Integrates member-level protection for partitioned data sets (PDS) and partitioned data set
extended (PDS/E) libraries.
- Certificate Enhancements: Certificate processing has been modified to move the internal certificate table
from CSA to 64-bit storage when more than 50 certificates are detected.
- Compliance Information Analysis (CIA) Report Enhancements: Added in CA Top Secret r12 and enhanced
in CA Top Secret r14, this feature improves report readability and audit requirements.
- TSO Logon with a Password Phrase: In support of the IBM changes, the ability to logon to TSO using a
password phrase is supported in CA Top Secret r14.
- Various Administrative Enhancements: Changes to enhance the user experience with CA Top Secret
Administration include:
> Storage management to reduce the possibility of outages
> INACTIVE control option for better ACID management
> TSSCFILE performance improvements
> TSSFAR improvements
> TSSUTIL granularity and process improvements
> TSS MODIFY improvements
Other Key Features
- Comprehensive Security: CA Top Secret provides comprehensive security for the z/OS environment,
subsystems, OEM software and databases.
- Inclusive User Management: Individual accountability is the key to effective information security. Many
government regulations and corporate policies require separation of functions or duties. CA Top Secret lets
you decide what policies are relevant and implement those structures to help ensure individual accountability.
- Data and Resource Management: Your data center managers are responsible for ensuring the integrity of all
data and programs stored on their computer systems, and they understand that any data loss can potentially
translate into a financial loss. To aid them, CA Top Secret controls all access to data sets and resources and
offers the flexibility to specify permissions at the role level (Profiles) or individual level.
- Auditing and Monitoring: Several laws in many countries require organizations to establish internal controls
pertaining to computerized data. CA Top Secret includes a variety of reporting and auditing functions that
provide the information and capabilities you need to monitor access and produce audit reports.
- Separation of Administrative Functions: While the implementation of security is very important, so too is
the responsibility for security administration. Restricting who can grant access and define your users is the
cornerstone for effective security. CA Top Secret provides separation of security administration functions
and duties and an additional management control that safeguards your systems.
- Administration Diversity: Without proper administration, there can be no guarantee that your security is
structured correctly. To help meet your business requirements and ease the administration process, CA Top
Secret includes flexible and powerful administration tools provided out of the box.
- Security Information Sharing: To reduce security administration, human error and costs, security information
must be shared across a networked environment. CA Top Secret works with other solutions to provide
comprehensive information security across your network, including:
> CA LDAP Server: This component provides a single interface for applications to request security
services, including adding, updating and retrieving security related information. You can leverage the
existing information stored in CA Top Secret to achieve mainframe-strength user authentication and
authorizations for applications throughout the enterprise.
> LDAP Directory Services (LDS): LDS provides flexible integration with existing schema definitions, eliminating
the need for specialized interfaces to make security data accessible.
> CA Distributed Security Integration (CA DSI): CA DSI allows applications on a Windows platform to
issue calls to CA Top Secret for user authentication and authorization.
> Linux on System z Support: CA Pluggable Authentication Module (CA PAM) is an open source
architecture that allows CA Top Secret to act as an authentication server for one or more mainframe
Linux systems—eliminating the need for redundant security administration to define users on a
system-by-system basis. CA PAM is supported on both z/OS and z/VM.
> IBM Policy Director (PDAS): CA Top Secret uses the common SAF interface to support customers’ usage
of IBM Policy Director.
> CA Web Administrator for Top Secret: This product provides a distributed browser-based GUI interface
to help with administration in real time against live CA Top Secret data.
CA WEB ADMINISTRATOR FOR TOP SECRET
Figure A: ACID and Access Right tabs in CA Top Secret using CA Web Administrator.
Benefits
CA Top Secret delivers access control software for z/OS operating systems and includes interfaces for CICS,
z/OS Unix and IMS (and an optional add-on for DB2). Basic and advanced CA Top Secret mechanisms provide
the flexibility and control that you need to monitor and adjust your security policies and accommodate virtually
all organizational structures. Administrative tools, extensive reporting options, online monitoring and automatic
logging capabilities accompany CA Top Secret to secure your environment while enabling comprehensive auditing
and controlled sharing of data and resources.
Why CA
A key component of CA’s Mainframe 2.0 initiative, CA Top Secret is just one of many CA products and solutions
that can help you unify and simplify the management of complex computing environments across the entire
enterprise. When combined with CA’s distributed security solutions, CA Top Secret provides continuous controls
and end-to-end security to help you meet your business and compliance requirements.
Copyright © 2010 CA. All rights reserved. IBM, z/OS, z/VSE, SMP/E, zSeries, AIX, IMS, CICS, Parallel Sysplex, DB2, and WebSphere are
trademarks of International Business Machines Corporation in the United States, other countries, or both. All trademarks, trade names,
service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only.
CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides
this document “as is” without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for
a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this
document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised in advance
of the possibility of such damages.