Ca2

CA ACF2 Review
Provides compliance with SOX controls and full evidence of SoD adherence.


Valuable Features:

The most valuable feature is strict and reliable access control to CICS Resources. Valid access is positive; a block is a genuine block.

Improvements to My Organization:

ACF2 provides us with compliance with SOX controls and full evidence of SoD adherence.

Room for Improvement:

LIDs based on names are rapidly becoming useable. A primary key based on SSO IDs is preferred for LIDs in the UID string. This will also serve as a primary (and secure) key to owners of personal accounts. Functional and service accounts should follow a more strict naming convention.

Use of Solution:

We have been using ACF2 for 3 years.

Stability Issues:

The product is legacy and has many years of stable use.

Scalability Issues:

There is no issue with scalability. Its seems that a legacy product like this could have boundaries, but it could easily be extended securely using LDAP or AD groups.

Technical Support:

This being a legacy product, developing a cooperating group of companies (for reduced license expenses) does lack real support. You would really have to rely on the web and other resources to get the general gist of operations. The real crux of problems lies in the way UIDs are constructed. Those that may have this information have long left the company. Usually this information is not captured properly in documents, as UID specifications may have been designed quickly and in ad-hoc fashion. You will have to rely on any information current support teams retained.

Initial Setup:

Initial setup could be complex if you rely on contractors to help with implementation. If errors are made, they are difficult to catch and correct unless you have a thorough understanding of how ACF2 works, what your requirements are and the resultant implementation you have in hand.

Cost and Licensing Advice:

Follow the general guidelines; there are no traps.

Other Advice:

Capture your intentions as requirements and do not lose the requirements. Test the resulting implementation to confirm it meets requirements as documented. Any changes based on test-driven development need to be properly documented and approved.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

0 Comments

Anonymous avatar x30
Guest

Have A Question About CA ACF2?

Our experts can help. 218,478 professionals have used our research on 5,616 solutions.
Why do you like it?

Sign Up with Email