Improve auditing of NetAccess rules

z/OS® V2R1 Communications Server introduces control over the level of caching that is used for network access control checks. You can reduce the level of caching to pass more network access control checks to the System Authorization Facility (SAF). Passing more network access control checks to SAF allows the security server product to provide more meaningful auditing of access control checks.

z/OS V2R1 Communications Server enhances the log string provided to the security server product on each network access control check to include the IP address that the user is attempting to access.

Improving the auditing of NetAccess rules

To improve the auditing of NetAccess rules, perform the appropriate tasks in Table 1.
Table 1. Improve auditing of NetAccess rules
Task Reference
Set the level of caching that is used for network access control checks by using the CACHEALL, CACHEPERMIT, or CACHESAME keyword on the TCP/IP stack NETACCESS profile statement. NETACCESS statement in z/OS Communications Server: IP Configuration Reference
Display the level of caching in effect for network access control checks. DISPLAY TCPIP,,NETSTAT,ACCESS,NETWORK in z/OS Communications Server: IP System Administrator's Commands
Parent topic: Security