CA ACF2 Review
Provides compliance with SOX controls and full evidence of SoD adherence.

Valuable Features

The most valuable feature is strict and reliable access control to CICS Resources. Valid access is positive; a block is a genuine block.

Improvements to My Organization

ACF2 provides us with compliance with SOX controls and full evidence of SoD adherence.

Room for Improvement

LIDs based on names are rapidly becoming useable. A primary key based on SSO IDs is preferred for LIDs in the UID string. This will also serve as a primary (and secure) key to owners of personal accounts. Functional and service accounts should follow a more strict naming convention.

Use of Solution

We have been using ACF2 for 3 years.

Stability Issues

The product is legacy and has many years of stable use.

Scalability Issues

There is no issue with scalability. It seems that a legacy product like this could have boundaries, but it could easily be extended securely using LDAP or AD groups.

Customer Service and Technical Support

This being a legacy product, developing a cooperating group of companies (for reduced license expenses) does lack real support. You would really have to rely on the web and other resources to get the general gist of operations. The real crux of problems lies in the way UIDs are constructed. Those that may have this information have long left the company. Usually this information is not captured properly in documents, as UID specifications may have been designed quickly and in an ad hoc fashion. You will have to rely on any information current support teams retained.

Initial Setup

Initial setup could be complex if you rely on contractors to help with implementation. If errors are made, they are difficult to catch and correct unless you have a thorough understanding of how ACF2 works, what your requirements are and the resultant implementation you have in hand.

Pricing, Setup Cost and Licensing

Follow the general guidelines; there are no traps.

Other Advice

Capture your intentions as requirements and do not lose the requirements. Test the resulting implementation to confirm it meets requirements as documented. Any changes based on test-driven development need to be properly documented and approved.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
