• Home
• Software Solutions
  • Security Management Solutions
    • Vanguard Administrator™
    • Vanguard Advisor™
    • Vanguard Security Center™
  • Audit and Compliance Solutions
    • Vanguard Analyzer™
    • Vanguard inCompliance™
    • Vanguard Enforcer™
    • Vanguard Policy Manager™
  • Access Management Solutions
    • Vanguard Authenticator™
    • Vanguard ez/Signon™
    • Vanguard ez/Token™
    • Vanguard Tokenless Authentication™
    • Vanguard ez/Integrator™
    • Vanguard ez/AccessControl™
    • Vanguard Registration Manager™
    • Vanguard Password Reset™
  • Intrusion Detection Solutions
    • Vanguard Enforcer™
• Services
  • Vanguard Services
  • RACF Services
  • Network Services
  • Meet The Team
  • Sample Assessment
  • Vanguard At Your Service
• Training
  • Register Online
  • Training Schedule
  • Lodging & Travel Info
  • Vanguard Instructors
  • Registration & Fees
  • RACF User Groups
• Conference
• International
  • International
  • Become a Distributor
  • Distributor Zone
• Customer Zone
• About Vanguard
  • About Us
  • Contact Form
  • Employment Opportunities
  • Executive Management
  • Office Locations
  • Ronn Bailey Bio
  • Vanguard History
  • Media & Documents

See below for more details on these exciting product enhancements or contact your Vanguard sales representative for more information..

New Features and Enhancements in Vanguard Administrator

• Manage Digital Certificate and Ring Information  Administrator now manages digital certificate information maintained in the RACF database. With these new capabilities, users can create new digital certificates, delete them, prepare requests for certificates to be signed by certificate authorities, import new signed certificates, renew existing certificates and can also add and delete certificates from digital certificate rings. Users can also modify RACF user and general resource profile data associated with digital certificates. In other words, Administrator now offers complete digital certificate management capability to complement the selective digital certificate reporting functions that it already had.

• RACF protection of LDAP client configurations. Use Administrator 7.1 to invoke RACF protection of Apache Directory client session configuration information. Use the new ICTX and NOICTX operands in the ICTX segment of the LDAPBind class profile to specify the ICTX configuration options that control access to and use of data in the ICTX identity cache. Administrator 7.1 Security Server command generation and General Resource Class reports support the ICTX/NOICTX operands.

• Enable/disable generic profiles for General Resource classes. Use Administrator 7.1 to define the new GENERIC/NOGENERIC sub-operands for the General Resource CDTINFO segment. These sub-operands dynamically allow or disallow the use of generic profiles for a General Resource class. They also enable or disable the use of the commands, SETROPTS GENERIC (activate generic profile checking) and SETROPTS GENCMD (activate generic profile command processing), for the specified class. Administrator 7.1 Security Server command generation and General Resource Class reports support the new GENERIC/NOGENERIC sub-operands.

• “Password Phrase” user authentication.  Strengthen user authentication by requiring a “password phrase” for RACF users. A password phrase consists of a combination of 14 to 100 mixed-case letters, numbers and special characters, including blanks. It can be specified using the new PHRASE operand in a User Profile. When the PHRASE operand is specified, the user must supply the password phrase instead of the traditional eight-character RACF password for authentication. The NOPHRASE operand will reset the user profile to use a traditional RACF password for authentication. Administrator 7.1 Identity Manager, Security Server command generation and User Profile reports all support password phrases.

• PCICC private key type RACDCERT operand. Administrator 7.1 supports the new PCICC private key type operand for the RACDCERT command for managing digital certificate data in a User Profile. The PCICC operand indicates an RSA-type private key generated by PCI Class cryptographic coprocessor. Administrator 7.1 supports PCICC as a masking panel value for User Profile and General Resource Profile reports.

• OPERPARM message type operands  New User Profile OPERPARM segment sub-operands indicate the types of messages that an operator console is permitted to receive. These new sub-operands are HC/NOHC (hard copy messages). INTID/NOINTID (messages directed to console ID zero) and UNKNIDS/NOUNKNIDS (messages directed to an unknown console). Administrator 7.1 supports these new sub-operands in Security Server command generation and User Profile OPERPARM Segment reports.

• Enhanced Masking for Profile Segment and Connect Reports.  These two Security Server report sets, batch and online, now support the enhanced masking feature.

• More Masking Fields for Data Set Profile and General Resource Reports.  These two Security Server Report Sets, batch and online, now include Standard and Global Audit Flags and Qualifiers field values in both standard and enhanced masking functions.

• New Masking Field for Data Set Profile Access List Report. This Security Server Report, batch and online, now includes masking on Access Authority field values in both standard and enhanced masking functions.

• New DB2 Reports  You can now generate DB2 Summary and Detail reports either from an extract file or in LIVE mode. These new Standard Reports are generated from SMF Type 102 records.

• Advisor Panels and Reports Now Show Complete RACF Commands The 400-byte limit no longer applies to RACF commands shown in Advisor panels and reports. Now the full RACF command will always be displayed. Violation Detail and User Activity Detail reports have been reformatted to show the entire RACF command associated with the events reported. You no longer need to specify the length for the command text when using the Report Formatting function. The complete command will automatically be displayed.

• Obsolete parameters and masking dropped The NOOPENEDITION parameter will no longer be accepted. This parameter was replaced in Release 5.1 with the NOUSS parameter. Support for NOOPENEDITION was continued until now to give users time to convert to the new parameter. If the NOOPENEDITION parameter is specified, a message will be issued and processing will be terminated. Advisor’s improved enhanced masking process was implemented in Release 5.2.The EMASK control parameter is no longer needed. All the masking parameters that you specify will be processed using the new masking process. The EMASK parameter now triggers an informational message but processing will continue.

• Duplicate modules analysis shows module location  Analysis of duplicate modules available as an option in Sensitive and Critical Datasets reports now shows the volume serial number of each duplicate module listed. This makes researching the validity of these datasets easier and faster.

• New OK Audit Findings feature  Make your Analyzer reports more focused and meaningful by filtering out audit findings that have been previously found, evaluated and accepted. Analyzer now lets you mark an accepted audit finding as ‘OK’ in all Analyzer reports (except for options C, G, H, I and 7). As a result, this finding will not be included in summaries and totals of any future Analyzer reports. An ‘OK’ finding will still be shown on detailed reports with an ‘*’ indicating that it is known and accepted.

• Multiple RACF Database Support.  A single Security Center client can now manage multiple RACF databases, including databases located on different z/OS host systems. An administrator can have several RACF databases open simultaneously within a single client, and navigate easily from one RACF database to another without having to close one client and open another. This makes administrators more effective and enables a wide variety of schemes for distributing duties and authority across a security administration team.

• z/OS RACF 1.8 Password Phrase Option.  Strengthen user authentication with Password Phrases. Password Phrases are character strings from 14 to100 characters long that contain mixed-case letters, numbers, special characters and blanks. Introduced in z/OS 1.8, Password Phrases can be used in place of standard eight-character RACF passwords for user authentication. Security Center supports the Password Phrase option and will now accept either standard passwords or password phrases for RACF user profiles.

• Vanguard Hard Revoke Feature.  Security Center now recognizes that a user ID has been “hard revoked” by another Vanguard’s product, and can itself hard revoke a user ID and restore a hard-revoked user. The Vanguard Hard Revoke feature gives security administrators a way to be sure that a revoked user ID will not be inadvertently resumed by a password reset operation—something that RACF by itself cannot do.

• Dynamic Caching of DB2 User Authorization Changes.  Security Center now dynamically caches all DB2 authorized user (AUTHID) GRANT and REVOKE transactions for all client sessions. Users can now be certain that DB2 user authorization information maintained by Security Center mirrors the latest information in DB2.

• Faster RACF Command Execution.  SecurityCenter submission and execution time has been significantly reduced.

• New RACF Command Options. SecurityCenter now offers an option that permits command submission and execution to continue after an error in a submitted command is detected. In addition, an option has been added to automatically issue the SETROPTS refresh command when raclisted options are modified. Cloning a user profile now includes an option to add a user data set profile. The user can select making this option automatic for all user clone operations or selectable with each clone operation.
  
  
• Issue SETROPTS Refresh to Multiple Nodes. Users can set an option that will issue SETROPTS refresh commands to other nodes within an RRSF environment.

• Backend Database Changed to use IBM's DB2 UDB for Windows.  inCompliance now uses IBM's DB2 UDB for Windows as its database manager. Previously, inCompliance used Microsoft SQL Server, which customers had to purchase at additional expense. Now, because the DB2 Express C edition is available at no cost, the effective cost of using InCompliance is significantly lower.

• Data Set Profile Checks Redesigned. The security checks done for RACF data set profiles, including general profile data, standard permits and conditional permits, have been redesigned to meet typical data set protection policies and practices. New baseline processing has also been added, enabling inCompliance to detect changes to general profile data, standard permits, and conditional permits in data set profiles. 

• Data Set Profile Checks Now Make Compliance Reporting Easier. Users can now perform checks and maintain results that are restricted to a list of user-specified data set names or high-level qualifiers. This new feature can be used to perform compliance checking and reporting on data sets that must be included in SOX, HIPAA, GLBA and other regulatory compliance reporting.

• Common Criteria EAL3+ Certification. Vanguard Enforcer™ 7.1 has been awarded Common Criteria Evaluation Assurance Level 3+ certification. This EAL3+ certification was granted by the German agency, Bundesamt für Sicherheit in der Informationstechnik (BSI). This certification follows rigorous evaluation and validation of Enforcer product functional claims and specifications, architecture, design, testing, security, and user guidance. It also includes validation of development, configuration management, product build, release and distribution processes with emphasis on the security measures applied to these processes.
  
  
• Common Criteria is an internationally established and recognized body of criteria and methodologies for evaluating security functions provided by information technology products. You can learn more about Common Criteria and EAL3+ certification by going to the Common Criteria portal at