CHAPTER 6, PART 2

IBM & IBM COMPATIBLE MAINFRAME SECURITY

1 BACKGROUND

The increased level of scrutiny at the regulatory and media levels has mandated that USDA protect the integrity, confidentiality and availability of its assets.  IBM/IBM Compatible Mainframes process data for mission critical, departmental priority and sensitive systems in USDA and for IT service clients.   Audits conducted in 2000 by the General Accounting Office (GAO), the USDA Office of Inspector General and independent contractors revealed that the implementation and administration of security on IBM mainframes does not meet the Federal Government’s minimum security benchmarks for Automated Information Systems (AIS).  The audits also revealed a large amount of USDA assigned high level system privileges and that these environments lacked standardized administrative and technical controls.  Further, USDA’s IBM and IBM Compatible Mainframe areas do not sufficiently assure that we can prevent or detect unauthorized use of our systems.