Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Security guide for OpenVMS

Wim Van den Wyngaert
Honored Contributor

Security guide for OpenVMS

For SOX, we need to write a security guide.
We have a template from the Unix platform.

Does any one have a guide that he can/may post or mail to myname@ing.be(myname : . after first name, use a - to replace the blanks in my last name).

Subjects :
Security model in short.
Network access regulations (all protocols, secices and additional secured services).
User creation, ...

Wim
Wim
5 REPLIES
Jon Pinkley
Honored Contributor

Re: Security guide for OpenVMS

Bruce Claremont of Migration Specialties Inc. has some stuff over at www.openvms.org you may be interested in looking at.

In the featured articles section you will find "Using OpenVMS to Meet a Sarbanes-Oxley Mandate" which has two parts.

A related article "Adventures in Consulting: OpenVMS System Login Parameters Sheet for Site Security Manual" has some useful info as well.

http://www.openvms.org/stories.php?story=06/07/14/4624233
it depends
Hoff
Honored Contributor

Re: Security guide for OpenVMS

Pointers to US Federal Guidelines for OpenVMS and other security- and OpenVMS-related are in the http://64.223.189.234/node/43 OpenVMS Security Checklist article.
Colin Butcher
Esteemed Contributor

Re: Security guide for OpenVMS

Hello Wim,

Such security policy documents tend to be very site and environment specific if they're going to be of real value. Sure, there are general principles that you can apply, but creating that kind of policy document requires a reasonable understanding of the way the business functions as well as how it makes use of the various systems and processes.

I suspect you'll just have to do the necessary work yourslves, or if you don't have the internal resources or abilities then you'll have to bring someone in to help you do it. Hoping to borrow and plagiarise someone else's security policy documents would probably be just as much work and may well not succeeed as well as creating your own in the first place. I'm also not sure that many other companies would be willing to share that level of knowledge about their systems with you.

Cheers, Colin (http://www.xdelta.co.uk).
Entia non sunt multiplicanda praeter necessitatem (Occam's razor).
Robert Gezelter
Honored Contributor

Re: Security guide for OpenVMS

Wim,

Having worked on many security guidelines of many types over the years, I must echo Colin's comments.

The "OpenVMS Guide to System Security" is a good place to start, insofar as the capabilities of what CAN be done.

The US Federal guidelines (referenced by Hoff, if I recall correctly) are also quite useful, in terms of what is considered appropriate in the US Federal context with the capabilities described in the Guide to System Security.

The UNIX template from your firm is also useful, in that it will give you an example of what your firm's management structure has already had blessed (or is in the process of "blessing").

If I were preparing an OpenVMS set of guidelines, I would use the firm-specific UNIX guidelines as a rough guide (the actual policy documents that they are based upon would be far more useful, and for that matter, appropriate).

However, I would be careful about facets of the UNIX policies that are peculiar to UNIX, as well as OpenVMS areas that do not exist in the UNIX space, for these are the areas where there will, of necessity, be differences.

It is hard to speak of these in the generic sense, since almost every one has been different, in one aspect or another.

- Bob Gezelter, http://www.rlgsc.com
Wim Van den Wyngaert
Honored Contributor

Re: Security guide for OpenVMS

Not what I was looking for but a very intresting document.
http://www.ncms-emeraldcoast.org/securemyis/download/SEC-W-0024-OpenVMS.doc

Wim
Wim