CA ACF2 Reviews

We use it in our company for our mainframe. It is used for authenticating users and giving users access to profiles and various resources. So, it is for authentication and giving access to users, and it also does logging and things like that.

It is currently hosted in-house. We are using its latest version. We are always on current versions.

It captures and helps with security. You get some type of audit trails using which you could do a follow-up. There are certain tools that you can configure to produce different types of metrics for senior management for making decisions. These are the ways in which it has helped us.

Logging and monitoring are most valuable. It is for the mainframe environment, and it is at the forefront for security and resilience.

They can work on its ability to work in a distributed environment. It's a mainframe product. As many companies move to the cloud, depending on what cloud models they choose, such as a public, hybrid, or private cloud, it should be deployable. I am not sure if it can be deployed on those platforms. 

It has been there since the '50s or '60s, and it's still scalable. It has survived all these years, and it's scalable to many platforms, but I don't know about the cloud.

I have been using this solution since 2003. I was working at a different company, and I used it there. We also use it in my new company. It is our security platform.

It is very stable, but it also depends on the system administrators who configure the product. As long as it is configured with security in mind, it's a stable product.

It is scalable. Many people can be deployed on it. It has been used ever since I've been here.

It is providing security for all mainframe environments. We have 2,000 employees. For authenticating to the applications on the mainframe, everyone has to go through ACF2. When people leave the company, we have to delete the users. When people come in or change roles, they go through ACF2. This is our main security manager.

I am not on the development side, so I don't interact with them, but it looks like a stable product. We probably get the best technical support.

It was straightforward. I'm not in the division that deployed it. I only reviewed the security assessment on the product.

There are some in-house developers, and there is also a consultant who comes from the product team. They coordinate together to put the product in place.

It is a good product. It has been used for years. As long as it is configured correctly, it is a very stable product. It depends on how an institution or a company configures it. It depends on an institution's risk appetite. You need to make sure it is configured as per the concept of least privilege, and the logging features, detection and control mechanism, and other things like that are enabled. If you configure it to give access to the public, then there could be compromises. You should also have someone who independently checks it to make sure that it is configured keeping security in mind.

If it has been configured for a while, when there are enhancements to the product or when you enhance it, you need to make sure that security is also looked at, and it is configured according to an institution's security policies.

I would rate it a nine out of 10.