We just raised a $30M Series A: Read our story

CA ACF2 OverviewUNIXBusinessApplication

What is CA ACF2?

CA ACF2™ for z/OS provides innovative, comprehensive security for your business transaction environments—including Linux, UNIX and z/OS on System z—helping you realize the reliability, scalability and cost-effectiveness of the mainframe. CA ACF2 provides an Advanced Authentication Mainframe feature, system entry validation, resource control, auditability, accountability, and administrative control. In conjunction with distributed security solutions from CA Technologies, CA ACF2 provides mobile-to-mainframe enterprise class security and compliance management.

CA ACF2 Customers

Sky, Rogers Communications

CA ACF2 Video

Archived CA ACF2 Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
DC
IT Examiner at a financial services firm with 5,001-10,000 employees
Real User
Leaderboard
Saves resources through fully automated reporting

Pros and Cons

  • "Excellent real-time reporting that saves time and resources."
  • "Reporting can sometimes include false positives."

What is our primary use case?

Our primary use is to be able to review log events through reporting.

How has it helped my organization?

This product makes us more efficient because of the reports it provides. Without the product, extracting this information may take us as much as several days. Instead, we can get it in real time.

What is most valuable?

The real-time reporting on the event logs is the only thing we need to use it for. The time it saves makes it very valuable to us and our allocation of resources.

What needs improvement?

Any solution that would eliminate manual intervention further is a great improvement. A solution that requires less in the form of manual processing saves more time and effort.

The user access review could also be improved. It produces a lot of false positives. Improvement that will minimize false positives and enhance the reliability of the results would be a welcome change.

For how long have I used the solution?

We have been using this solution in our environment for a while but have not fully explored the capabilities.

How are customer service and technical support?

I am actually not involved in a position where I would have to contact technical support myself. I have not heard any complaints about it but I don't know how often it is used either.

Which solution did I use previously and why did I switch?

The product has replaced a variety of other solutions. We don't make the decision to switch, it is the users' decision based on their perceived needs. If users have a change in requirements that a current solution will not address, they will seek out a solution that meets their needs.

How was the initial setup?

We want to eliminate human coverage as much as possible. It took some time, but we were able to implement this goal fully within six months. Right now it is pretty much used by our entire IT group. There is more in the capability that we can utilize and we are exploring those possibilities as well.

What about the implementation team?

We used a consultant for the implementation. They had a lot of experience with the product and have implemented it for fortune 100 companies. It was a good experience.

What was our ROI?

Return on investment is the ability to allocate resources to other things. When you save someone days and weeks of effort by automating processes, that saves the employee resources and enhances possibilities for re-allocation and business growth.

What's my experience with pricing, setup cost, and licensing?

It is important to evaluate different products and come to an agreement among the IT staff as to what is most important before going forward with a decision and implementation. Every solution has its own unique features and the popularity or brand of a solution may not mean it is tailored to your environment. If you do a lot of planning and research, you'll get the right solution.

What other advice do I have?

I rate the product about eight out of ten considering the wealth of automated processes. Removing the need for human intervention makes the product valuable. It is only an eight and not a ten because there is still room for improvement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user811302
Technical Architect at a healthcare company with 10,001+ employees
Real User
Allows us to maintain tight controls on dataset and system access

Pros and Cons

  • "The NOACCESS by default is another very good feature. Also, access rules are straightforward, and easy to understand."
  • "It needs longer rules. The max rule is 32K."

What is our primary use case?

To provide security for the z/OS operating system.

How has it helped my organization?

By providing a high level of access control to the z/OS systems, ACF2 allows us to maintain tight controls on dataset and system access. It also helps us keep unauthorized users from accessing PHI or PII data.

What is most valuable?

  • The level of protection that ACF2 provides. 
  • The NOACCESS by default is another very good feature.
  • Access rules are straightforward, and easy to understand.

What needs improvement?

It needs longer rules. The max rule is 32K. It would be nice if the rules could be moved above the bar, which would allow for longer rules.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No issues, ACF2 is a very stable product.

What do I think about the scalability of the solution?

We have not had any issues with scalability.

How are customer service and technical support?

On a scale of one to 10, tech support would be an 11. They are knowledgeable about ACF2. They take ownership of the problem and provide the solutions you need.

Which solution did I use previously and why did I switch?

We purchased a company that was running another security product. We converted that system to ACF2. On our systems, we have always been an ACF2 shop.

Back in the 1980s when all mainframe shops were installing some type of security software, ACF2 was the best choice.

What other advice do I have?

ACF2 was installed here in 1985, probably because MVS security, at that time, was very limited.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user779265
Security Analyst
Real User
We use this tool to quickly assign privileges to different users as soon as they come in

Pros and Cons

  • "We use this tool to quickly assign privileges to different users as soon as they come in."
  • "I love their support. The support is great. They are number one."
  • "I would like my team and me to be able to use simple browsers, like Chrome, to be able to access mainframe data and provision users using the browser.​"

What is our primary use case?

We use CA ACF to manage security, provision users, and deprovision users from mainframe applications. 

What is most valuable?

One of the values in this industry is how it manages user security. We use this tool to quickly assign privileges to different users as soon as they come in. As soon as we onboard the users, we use CA ACF to assign privileges and assign rules to all the users. When the rule changes, we use CA ACF to change the rules or deprovision them from those rules and assign them new rules. It is done quickly and almost automatically.

What needs improvement?

I would like to see browser support whereby we can work from our desktops instead of using the mainframe tool called 3270. I would like my team and me to be able to use simple browsers, like Chrome, to be able to access mainframe data and provision users using the browser.

How is customer service and technical support?

I love their support. The support is great. They are number one.

Once in a while, we get into few pinches and we have to call technical support. They are always there for us. They respond very quickly and help us resolve issues, even giving us sample solutions, which is what we like so much about the support.

How was the initial setup?

No, I was not involved with the initial setup.

What other advice do I have?

Know that this tool is a great tool. It is a good tool to use. You can quickly automate, quickly provision, and deprovision new users, which is essential when you are bringing new people onboard. We have people coming and going all the time. So, you need a tool like this. CA ACF has a similar tool that we are trying to adopt, by the way, which would help us to quickly assign rules to users and remove rules from users. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Patrick Mondoy
Project Manager at a tech services company with 10,001+ employees
Consultant
Leaderboard
Provides compliance with SOX controls and full evidence of SoD adherence.

What is most valuable?

The most valuable feature is strict and reliable access control to CICS Resources. Valid access is positive; a block is a genuine block.

How has it helped my organization?

ACF2 provides us with compliance with SOX controls and full evidence of SoD adherence.

What needs improvement?

LIDs based on names are rapidly becoming useable. A primary key based on SSO IDs is preferred for LIDs in the UID string. This will also serve as a primary (and secure) key to owners of personal accounts. Functional and service accounts should follow a more strict naming convention.

For how long have I used the solution?

We have been using ACF2 for 3 years.

What do I think about the stability of the solution?

The product is legacy and has many years of stable use.

What do I think about the scalability of the solution?

There is no issue with scalability. Its seems that a legacy product like this could have boundaries, but it could easily be extended securely using LDAP or AD groups.

How is customer service and technical support?

This being a legacy product, developing a cooperating group of companies (for reduced license expenses) does lack real support. You would really have to rely on the web and other resources to get the general gist of operations. The real crux of problems lies in the way UIDs are constructed. Those that may have this information have long left the company. Usually this information is not captured properly in documents, as UID specifications may have been designed quickly and in ad-hoc fashion. You will have to rely on any information current support teams retained.

How was the initial setup?

Initial setup could be complex if you rely on contractors to help with implementation. If errors are made, they are difficult to catch and correct unless you have a thorough understanding of how ACF2 works, what your requirements are and the resultant implementation you have in hand.

What's my experience with pricing, setup cost, and licensing?

Follow the general guidelines; there are no traps.

What other advice do I have?

Capture your intentions as requirements and do not lose the requirements. Test the resulting implementation to confirm it meets requirements as documented. Any changes based on test-driven development need to be properly documented and approved.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558519
Chief Strategist at Mainframe analytics
Vendor
This product ensures that data is handled only by those who should be handling it and only in the way that they should be handling it.

What is most valuable?

This product provides excellent quality for security in the mainframe environment.

How has it helped my organization?

Basically, it ensures that data is handled only by those who should be handling it and only in the way that they should be handling it.

This product provides visibility and security as to how the data is being used.

What needs improvement?

There is always room for improvement in this product.

If possible, I would recommend to have an Eclipse interface which can provide simplicity in programmable access. This will help in putting together more flexible solutions that interact with the mainframe.

I am deeply impressed with the quality and depth and breadth of security and functionality in CA’s ACF2 and Top Secret products, but being as I was at CA World and answering a survey, I tried to think of a creative way for these products to be even better, and what came to mind is that more and more application-relevant mainframe solutions are getting Eclipse interfaces.

While CA’s DSI (Distributed Security Integrator) certainly provides a depth and breadth of functionality for distributed applications talking to mainframe security, I think there’s an opportunity to approach it from the other side of this coin as well, giving distributed applications developers greater ease of including security integration in their mainframe-resident applications from a development-environment perspective. Having an environment that is automatically “aware” of the security calls, resources, fields, arguments, etc., in mainframe security can encourage developers to think of security earlier on in the process and more comprehensively and validly when they’re dealing with these features in their mainframe applications.


What do I think about the stability of the solution?

It is 100% stable.

What do I think about the scalability of the solution?

The product is scalable. The largest mainframe shops can use it.

How are customer service and technical support?

The technical support is outstanding.

Which solution did I use previously and why did I switch?

We were not using any other previous solutions. ACF2 is the original, high quality mainframe security solution.

How was the initial setup?

I haven’t been involved in the initial installation but I understand it is a very reliable product to install.

What other advice do I have?

Make sure that your people are well trained so that they understand the product properly, before they implement it.

Reliability, responsiveness and quality are important criterias to look for when selecting a vendor.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Quick Links