Mainframe Cybersecurity & Compliance


  • 1.  Support for Privilege Escalation Detection

    Broadcom Employee
    Posted May 16, 2024 02:49 PM

    Privilege escalation detection lets you identify vendors and malicious actors that may be modifying strategic ACEE areas, logonid record fields (LIDREC), and TOKEN fields in the resource and user security token, to gain access to resources. ACF2 supports a new field in the GSO OPTS record. The new field, PRIVESC|NOPRIVSC, detects ACEE, LIDREC, and TOKEN field modifications during RACROUTE REQUEST=AUTH calls. Implementing the GSO OPTS record PRIVESC field lets you validate ACEE integrity by analyzing where modifications occurred and whether modifications are expected. Validation helps you ensure that ACEE modifications comply with the security policies of your organization and do not introduce unnecessary risk. For more information, see Define Privilege Escalation Detection and ACF2 Option Specifications (OPTS) and messages CAS2710I, CAS2711I, CAS27121I, CAS2713I, and CAS2714I.



    ------------------------------
    Laura Fletcher
    Principal Technical Writer
    Broadcom
    Illinois
    ------------------------------

    #ACF2


  • 2.  RE: Support for Privilege Escalation Detection

    Posted Sep 01, 2024 08:15 PM
    Edited by Jason McClellan Sep 02, 2024 07:21 PM

    Hello,

    The PRIVESC field in the GSO OPTS record provides a powerful mechanism for detecting privilege escalation attempts in ACF2. By analyzing modifications to ACEE, LIDREC, and TOKEN KY fields during RACROUTE REQUEST=AUTH calls, you can identify potential security breaches and ensure compliance with your organization's security policies. This feature is particularly valuable in environments where there is a high risk of unauthorized access or malicious activity.