Accountability is a basic compliance requirement and fundamental to system security. A common challenge faced by security administrators involves the control of access to, and sharing of, powerful user IDs such as SUPER.SUPER. Often it is necessary for some users to have access to these IDs in order to perform their jobs.
In contrast, responsible security and compliance require that each system user have a single and unique user ID. The challenge is to enable them to perform all of their job functions from this single and unique user ID.
XYGATE Access Control (XAC) allows for greater flexibility in configuring system access. XAC offers powerful, granular access control, allowing HPE NonStop customers’ security administrators to easily configure access according to users’ roles and responsibilities so that individuals are given access to the right set of system resources. The configuration settings defined in XAC govern whether user requests to run system utilities or other programs are granted or denied. “Allow” and “Deny” features restrict commands within programs and utilities to the subcommand level, supporting segregation of duties and adhering to the Principle of Least Privilege (POLP).
Whether your organization chooses to define a job function very specifically, down to individual sub-commands, or to apply fewer restrictions but with complete session and keystroke audits, XAC facilitates the creation and maintenance of this secure environment without compromising employee effectiveness and efficiency.
Flexible Keystroke Audits
XAC has extremely flexible auditing options so that no action is invisible. Each command can have specific auditing parameters associated with it. For example, you could choose to audit the keystrokes of a particular user. You can also configure an XAC command that starts a FUP process as SUPER.SUPER, which may need to be strictly audited: every keystroke entered, all outcome responses, and even the first 25 lines of output generated during the use of FUP can be captured by XAC.
Strict enforcement of security standards is a key component for the majority of HPE NonStop customers.
Native security of the NonStop server is robust, yet there are instances where policy compliance is achieved with solutions such as XYGATE Access Control.
Several of the PCI DSS requirements are easily addressed through the implementation of RBAC using XAC, and key auditing requirements are achieved with XAC’s auditing of individual user activity.
Whether your organization chooses to define job functions to the finest granularity, with every possible command entry controlled, or to have fewer restrictions but with complete session and keystroke audits, it’s absolutely critical to maintain a secure environment without compromising employee effectiveness and efficiency.