CA ACF2 Review

Provides compliance with SOX controls and full evidence of SoD adherence.

What is most valuable?

The most valuable feature is strict and reliable access control to CICS Resources. Valid access is positive; a block is a genuine block.

How has it helped my organization?

ACF2 provides us with compliance with SOX controls and full evidence of SoD adherence.

What needs improvement?

LIDs based on names are rapidly becoming useable. A primary key based on SSO IDs is preferred for LIDs in the UID string. This will also serve as a primary (and secure) key to owners of personal accounts. Functional and service accounts should follow a more strict naming convention.

For how long have I used the solution?

We have been using ACF2 for 3 years.

What do I think about the stability of the solution?

The product is legacy and has many years of stable use.

What do I think about the scalability of the solution?

There is no issue with scalability. It seems that a legacy product like this could have boundaries, but it could easily be extended securely using LDAP or AD groups.

How is customer service and technical support?

This being a legacy product, developing a cooperating group of companies (for reduced license expenses) does lack real support. You would really have to rely on the web and other resources to get the general gist of operations. The real crux of problems lies in the way UIDs are constructed. Those that may have this information have long left the company. Usually this information is not captured properly in documents, as UID specifications may have been designed quickly and in an ad hoc fashion. You will have to rely on any information current support teams retained.

How was the initial setup?

Initial setup could be complex if you rely on contractors to help with implementation. If errors are made, they are difficult to catch and correct unless you have a thorough understanding of how ACF2 works, what your requirements are and the resultant implementation you have in hand.

What's my experience with pricing, setup cost, and licensing?

Follow the general guidelines; there are no traps.

What other advice do I have?

Capture your intentions as requirements and do not lose the requirements. Test the resulting implementation to confirm it meets requirements as documented. Any changes based on test-driven development need to be properly documented and approved.

Disclosure: I am a real user, and this review is based on my own experience and opinions.