On Tue: 3/7 Edward Gill write:
 
>  We are currently looking for a security package for our 992/100 and I am
>  hoping that a few of you, that have already gone through this, would be
>  willing to share your findings with me...
 
[...snip...]
 
You didn't indicate the level/type of security you were trying to achieve?
The DOD standards offer several different levels and it wasn't clear whether
or not your goal was to achieve a certain level.  Most sites shoot for the
"C-2" level of security unless their situation dictates otherwise.
 
Site's I'm involved in have both the Vesoft products and the Monterey product.
Both products provide authorization and authentication control mechanisms.
However, given that our audit perspective is based upon 'Blue Iron', we needed
to provide ACF2/RACF-type of granular file access controls consistent with
large data centers for our HP data centers.  Currently Monterey's product
is the only tool that provides mainframe-type security capabilities to
meet this type of requirement.  So if you're headed in this direction, you
may want to also look at SAF/3000 from Monterey.
 
-- Jerry