Managing the system for Information System Security Officers
A Trusted AIX® system is managed by the coordinated activities of ISSO, SA, and SO users.
During Trusted AIX installation, three default user accounts (isso, sa, and so) are created, unless these accounts are already present, as in the case of migration from regular AIX to Trusted AIX. These users are associated with the isso, sa, and so roles respectively.
Note: The default accounts are only intended for the initial setup and configuration of a Trusted AIX system. It is recommended that these roles be assigned to other regular users. After these roles have been assigned to other users, the default user account can be removed.
See Installation and migration for more information on Trusted AIX installation.
ISSO activities
The primary responsibility of the Information System Security Officer (ISSO) is security administration of the system. Only a user with ISSO authorization can perform ISSO activities. These activities include:
- Planning, implementing, and enforcing site security policy
- Establishing system-wide defaults for user clearance, authorizations, privileges, login controls, and password parameters
- Setting up user authentication profiles reflecting the level of trust placed in users when user accounts are created by the system administrator
- Assigning security attributes, SLs, and TLs to devices such as terminals, printers, removable disk drives, and magnetic tape drives
- Assigning security flags, labels, privileges, and authorization sets to files
- Recovering the system to a trusted state in the event of a system failure