To provide data and system security, the security administrator and security auditor need to set up and maintain security. z/OS UNIX provides security mechanisms that work with the security offered by the z/OS system. A security product is required, either RACF® or an equivalent security product. It is assumed that you are using RACF. If you are using an equivalent security product, you should refer to that product's documentation. If you do not have a security product, you must write SAF exits to simulate all of the functions.

Your installation might need to meet the United States Department of Defense Class C2 criteria specified in Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD. RACF provides the system integrity and user isolation required to meet the requirements for C2-level security.

Additionally, multilevel security functions for z/OS systems build on the work done on MVS™ to meet the B1 criteria. Using multilevel security, an installation can provide a high level of security on a z/OS system. For more information about multilevel security, refer to z/OS Planning for Multilevel Security and the Common Criteria.

When supported by the installed security products, mixed-case passwords and password phrases are also supported by BPX1PWD, BPX1SEC, and BPX1TLS callable services.