Back to Courses

Security – Introduction to Mainframe Security z/OS 2.5


5 hours



This course provides the learner with a basic understanding of z/OS security. It introduces basic security concepts as they relate to z/OS, including the reasons for security, physical security and the Logon ID. It covers both traditional z/OS security issues such as data set protection and TSO/E, together with recent developments including LDAP and passphrases. Sections on security auditing, event recording, and a detailed explanation of the Authorized Program Facility (APF) are also covered.


Introductory modules are provided for any personnel requiring an introduction to mainframe security for z/OS, z/VM, or z/VSE. Later modules are specifically for security administrators and z/OS system auditors.


Successful completion of the following Interskill courses:

  • IBM (z/OS) – The Evolving Mainframe
  • IBM (z/OS) – Working with the Mainframe


After completing this course, the student will be able to:

  • Describe the resources that need to be secured on the mainframe
  • Explain the role of External Security Managers
  • Describe the purpose of the Logon ID
  • Identify the z/OS system products used for recording security-related data
  • Describe z/OS security audit requirements
  • Describe how the Authorized Program Facility is used to secure sensitive services

Course Content

Mainframe Security Basics

How Secure are Mainframes?
Mainframe Resources to Secure
User Identity
Security Requirements for Consoles, Files and Data Sets
Network Access and Encryption
Roles of External Security Managers for z/OS, z/VM, z/VSE, and Linux on IBM Z

z/OS Security Administration

Function of the Logon ID
Logon ID Management
Securing Data Sets and z/OS UNIX Files
Controlling Access to TSO/E, IMS, CICS, and Databases
Security Software Features
Security Administration Tools
Advantages of Using LDAP

z/OS Security Auditing and Recording

How the Operlog, Syslog, syslogd and IMS logs are Used
Purpose of the z/OS Systems Management Facility (SMF)
SMF Record Types
SMF Reporting
z/OS Security Auditing Requirements
Internal and External Audits
z/OS Auditing Tools

z/OS Authorized Program Facility

Why APF is Required
How a Task Becomes APF Authorized
Achieving APF Authorization
Listing APF Authorized Libraries
z/OS UNIX APF Authorization
Securing APF Data
Special Logons

Security – Introduction to Mainframe Security z/OS 2.5 Mastery Test