Privileged users are targets of cyber criminals seeking to leverage the privileged accesses that these IDs may contain (e.g. 24x7 access to IBM RACF SPECIAL or group-SPECIAL). Consequently, they are also a large focus in audits. Too often organizations make group administration privileges available to too many people and for an unlimited timeframe driving up risk. During an audit, auditors scrutinize how many users have group administration rights, which users have this privilege, and for how long they can exercise this privilege. Group administration should be available to a small subset of users and only when the administration is needed.
We are pleased to announce that Trusted Access Manager for Z now supports just in time access to group-SPECIAL for users that have a justified business need for group administration. By granting group administration on a limited basis, you are able to reduce the risk of malicious activity. Restricting access to group administration to just the work day versus all day can reduce the risk of malicious use by 70%.
For more information on implementing group administration with group-SPECIAL, see the product documentation.
In addition, if you would like to see more of the group-based privileges added to the product, reply to this post with your desired privileges, and we will look to incorporate them.
Finally, if you would like to learn more about the product, how to use it, or how to approach an implementation at your site, please sign up for a 1-on-1 workshop, found at Broadcom Mainframe Cybersecurity Workshops.
------------------------------
Adam Hendrix
Staff Technical Writer
Broadcom
------------------------------