ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvseclvlterm.htm

86 lines
5.6 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Security levels" />
<meta name="abstract" content="Security on your system is arranged in a series of levels, with each level offering a greater degree of security and protection of your data than the previous level." />
<meta name="description" content="Security on your system is arranged in a series of levels, with each level offering a greater degree of security and protection of your data than the previous level." />
<meta name="DC.Relation" scheme="URI" content="rzamvconcepts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplansyslvlsec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="seclvlterm" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security levels</title>
</head>
<body id="seclvlterm"><a name="seclvlterm"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security levels</h1>
<div><p>Security on your system is arranged in a series of levels, with
each level offering a greater degree of security and protection of your data
than the previous level.</p>
<p>You can choose how much security you want the system to enforce by setting
the security level (QSECURITY) system value. i5/OS™ supports these fully-integrated system
security levels: </p>
<ul><li><strong>Level 20: Password security</strong><p>At this security level, users that
access to the system must have a password and user ID that the system recognizes.
The system administrator creates both the user ID and initial password for
users. This level of security allows users total authority to do anything
they want on the system, which means that all users can access all data, files,
objects, and so on, on your system because all users have *ALLJOB special
authority. </p>
</li>
<li><strong>Level 30: Password and resource security</strong><p>At this security level,
resource security is enforced on the system. That is, users must have specific
authority to use objects because they do not have any authority by default.
Users do not have automatic access to everything on the system and the system
administrator must define a valid user ID and password for them. User access
is limited by the security policies of the business.</p>
</li>
<li><strong>Level 40: Integrity protection</strong><p>At this security level, resource
security and integrity protection are enforced, and the system
itself is protected against users. Integrity protection functions, such as
the validation of parameters for interfaces to the operating system, help
protect your system and the objects on it from tampering by experienced system
users. For example, user-written programs cannot directly access the internal
control blocks through pointer manipulation. Level 40 is the default security
level for every new installation and is the recommended security level for
most installations. </p>
</li>
<li><strong>Level 50: Advanced integrity protection</strong><p>At this security level,
advanced integrity protection is added to the resource security and level
40 integrity protection enforcement. Advanced integrity protection includes
further restrictions, such as the restriction of message-handling between
system state programs and user state programs. Not only is the system protected
against user-written programs, but it ensures that users only have access
to data on the system, rather than information about the system itself. This
offers greater security against anyone attempting to learn about your system.
Level 50 is the recommended level of security for most businesses, because
it offers the highest level of security currently possible. Also, level 50
is the required level for C2, FIPS-140, <span>and Common Criteria</span> certifications.</p>
</li>
</ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvconcepts.htm" title="To effectively create a security policy and plan security measures for your system, you need to understand the following security concepts, some of which are general concepts and some of which are specific to the hardware type.">Concepts</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzamvplansyslvlsec.htm" title="System security entails controlling user access and their privileges, maintaining information integrity, monitoring processes and access, auditing system functions, and providing backup and recovery of security related information.">Plan system security</a></div>
</div>
</div>
</body>
</html>