Managing the system for Information System Security Officers

A Trusted AIX® system is managed by the coordinated activities of ISSO, SA, and SO users.

During Trusted AIX installation, three default user accounts, isso, sa, and so, are created (unless these accounts are already present, as can be the case when migrating from regular AIX to Trusted AIX). These users are associated with the isso, sa, and so roles respectively.

Note: The default accounts are intended only for the initial setup and configuration of a Trusted AIX system. It is recommended that these roles be assigned to other regular users. After these roles have been assigned to other users, the default user accounts can be removed. See Installation and migration for more information on Trusted AIX installation.

ISSO activities

The primary responsibility of the Information System Security Officer (ISSO) is security administration of the system. Only a user with ISSO authorization can perform ISSO activities. These activities include:
  • Planning, implementing, and enforcing site security policy
  • Establishing system-wide defaults for user clearance, authorizations, privileges, login controls, and password parameters
  • Setting up user authentication profiles reflecting the level of trust placed in users when user accounts are created by the system administrator
  • Assigning security attributes, SLs, and TLs to devices such as terminals, printers, removable disk drives, and magnetic tape drives
  • Assigning security flags, labels, privileges, and authorization sets to files
  • Recovering the system to a trusted state in the event of a system failure