The objective of this service offering is to migrate a subset of the mainframe security environment acquired from XYZ Corp. into the existing BigCo Information Security (BIS) environment.
Specifically, this migration requires the conversion of XYZ security information, based on the ACF2 security product, into the format of the Top Secret (TSS) security system used throughout BigCo. To best achieve this one-time migration, consultants will be engaged who have product and conversion expertise with both the ACF2 and TSS security systems. The consultant(s) will assume support of the XYZ security system and maintain this role throughout the migration to allow BigCo to free and redirect the staff that currently maintains this system. The migration is estimated at 59 man-days, or approximately 2½ to 3 calendar months. Specific tasks to be performed during this service include:
1. Project Planning
   - Research and Discovery
   - Creation of a comprehensive project plan
2. Implementation
   - TSS product installation, if required
   - ACF2 data extraction
   - ACF2-to-TSS data conversion
   - ACF2-to-TSS interfaces conversion
   - System checkout / Pre-acceptance testing
3. Acceptance
   - Acceptance testing without end-users
   - Acceptance testing with end-users
   - Actual production cutover
4. Post Acceptance
   - Onsite initial support and monitoring
   - Materials turnover
   - Project wrap-up
1. Project Planning
- Research & Discovery: Estimated 6 man-days
The consultant(s) will first research, identify and enumerate the elements and milestones required by this project. Two elements are already known and noteworthy.

First, security rights are organized using vastly different schemes in ACF2 versus TSS. ACF2 rights are based on dynamic, run-time user groupings, whereas TSS rights are based on fixed user groupings known as user Profiles. To perform the conversion, various conversion methods will be considered and evaluated by the consultant(s), and the key elements of the best methods will be presented for BigCo acceptance.

Second, only a very small subset of the huge ACF2 environment received from XYZ requires retention. The consultant(s) will consider methods for identifying and extracting the required subset. The following table summarizes the large number of items received versus items estimated to be required.

Additionally, the consultant(s) will investigate and research USERMOD interfaces currently utilized in ACF2, identify and inventory these, and confirm that they can be replicated in the TSS format.
| Type of Security Definition | # Received from XYZ | # Estimated to be Converted / Retained |
|---|---|---|
| Userids | 57,612 | 1,000 |
| Datasets: # of secured high-level qualifiers | 4,462 | 200 |
| Datasets: # of Rights/Rules/Permissions | 82,902 | 4,000 |
| Secured resources: # of secured/registered qualifiers | 8,027 | 750 |
| Secured resources: # of Rights/Rules/Permissions | 85,214 | 4,000 |
Other issues that will be researched and outlined during this phase include:
i. The concern of differing userid naming standards and its impact, if any.
ii. The issue of the known difference in approach for administering TSO (UADS) security.
iii. The concern for compatible coverage over the new environment using BigCo’s RARF security administration system.
iv. The concern of impact when merging this environment into an existing BigCo TSS environment. For example, *ALL* record impact.
- Creation of a Project Plan: Estimated 3 man-days
The consultant(s) will create a comprehensive project document. This document will organize and list the tasks and challenges discovered above. For each item, the document will summarize the requirement and then detail the agreed-upon course of action/resolution. This document will contain a project timeline that will summarize and track project tasks, major milestones, estimated hours, assigned resources, and scheduled completion dates. Once created, this document will be maintained throughout this project using time allowed by this estimate. The project plan is to account for work to be done by the Encompass staff: JCL changes, testing, analysis, etc. The project plan is to show the time and effort needed by the Encompass staff and end users.
2. Implementation
- TSS Product Installation: Estimated 3 man-days
The consultant(s) will install a current version of the TSS security product and CA90s software on a single system to facilitate the ACF2-to-TSS conversion if required. Currently, this task does not appear to be needed as several “test systems” appear available into which the ACF2 materials can be imported and tested throughout this project.
- ACF2 Data Extraction: Estimated 10 man-days
As noted earlier, a significant aspect of this conversion is that only a small subset of the enormous ACF2 environment received from XYZ requires conversion. In critical areas, such as with the dataset and resource rules, the required subset is not easily and obviously identifiable. The consultant(s) will develop a method so that the final conversion involves only the smallest subset of security information required, to the extent that the consultant(s) can best identify that subset. This identification and/or pre-elimination of unneeded information will require a large one-time effort. However, addressing this now avoids subsequent long-term and ongoing administration and management concern over this information. Overall, therefore, the size of the converted subset will become a key measurable that will be reported upon as one gauge of the success of this project.
- ACF2-to-TSS Security Conversion: Estimated 10 man-days
Having earlier identified the best method for reorganizing the security rights, and having identified the subset requiring conversion, the consultant(s) will perform the data conversion from ACF2 to TSS format. As may be required, the consultant(s) will develop, test, and execute automated programs to complete this task. During this task, the consultant(s) will produce one or more batches of TSS administration commands that will be reviewed and then executed to transfer the current ACF2 environment into a new or existing TSS database. The intent is to convert the existing level of security into the new environment without a noticeable change in security operation, enforcement or auditing.
- ACF2-to-TSS Interfaces Conversion: Estimated 8 man-days
Customized, XYZ-developed Application Program Interfaces (APIs) currently exist that integrate this system with ACF2 beyond that normally provided by ACF2. The consultant(s) will research and identify all such custom-added interfaces and develop a conversion for them to TSS format. It is suggested that the source code for the custom interfaces no longer exists. The consultant(s) will therefore use advanced skills to decode and understand the existing interfaces and re-code these interfaces to fit TSS format.
- System checkout / Pre-Acceptance testing: Estimated 4 man-days
The consultant(s) will perform the initial checkout and verification of the converted system. The consultant(s) will verify security operation including sign-on, batch submission, password accuracy, administration, and system performance and stability. Testing will involve iterations where the conversion will be refined until the system passes quality assurance. The consultant(s) will provide BigCo with a summary of the tests performed so that BigCo can evaluate the extent and scope of the consultant’s initial tests.
3. Acceptance
- Acceptance testing without end-users: Estimated 3 man-days
For this task, the consultant(s) will prepare and support the converted system for initial verification and pre-acceptance tests by BigCo Information Security (BIS) staff. If required, this will include weekend support. If required, the consultant(s) will provide knowledge transfer and / or informal training on the new environment to BIS staff. This test is not to include end-users or production work. This task will require BigCo staff resources.
- Acceptance testing with end-users: Estimated 3 man-days
The consultant(s) will prepare and support the converted system for end-user testing and verification. The time estimate allows for one weekend test. This end-user test is not to include production work. The consultant(s) will provide onsite support including weekends for this task. No end-user training is expected and therefore none has been included. This task will require BigCo staff resources.
- Production cutover: Estimated 3 man-days
The consultant(s) will prepare and support the converted system for the final production cutover. The estimate is for two man-days to prepare for the final cutover and one day to verify its successful production launch and activation. If required, this will include weekend work. BigCo staff will be required to attend the production activation.
4. Post Acceptance
- Onsite initial support and monitoring: Estimated 3 man-days
Following the production cutover, the consultant(s) will provide close support and monitoring of the new environment. Estimated are three man-days of onsite follow-up support by the consultant(s). This will include onsite support during normal business hours and 24-hour on-call support throughout the follow-up period.
- Materials turnover: Estimated 2 man-days
To ensure a successful project close, the consultant(s) will organize and clean up the materials used to support the project and will then provide a turnover of materials to BigCo. A list of all materials will be provided to BigCo to represent the formal turnover. Final knowledge transfer and / or informal training will be provided to BIS staff at this time if required.
- Project wrap-up: Estimated 1 man-day
A final onsite meeting will be held with BigCo to ensure that objectives of the project were met and understood. The consultant(s) will prepare any final documents and / or instructions related to the new environment. Any remaining materials including all BigCo badges, equipment and documents will be returned at this meeting.