Coming October 25: PeerSpot Awards will be announced! Learn more

CA ACF2 OverviewUNIXBusinessApplication

CA ACF2 is #1 ranked solution in top Mainframe Security tools and #4 ranked solution in top Database Security tools. PeerSpot users give CA ACF2 an average rating of 9.0 out of 10. CA ACF2 is most commonly compared to IBM Resource Access Control Facility: CA ACF2 vs IBM Resource Access Control Facility. CA ACF2 is popular among the large enterprise segment, accounting for 83% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 25% of all views.
What is CA ACF2?

CA ACF2™ for z/OS provides innovative, comprehensive security for your business transaction environments—including Linux, UNIX and z/OS on System z—helping you realize the reliability, scalability and cost-effectiveness of the mainframe. CA ACF2 provides an Advanced Authentication Mainframe feature, system entry validation, resource control, auditability, accountability, and administrative control. In conjunction with distributed security solutions from CA Technologies, CA ACF2 provides mobile-to-mainframe enterprise class security and compliance management.

CA ACF2 Customers

Sky, Rogers Communications

CA ACF2 Video

CA ACF2 Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
IT Examiner at a financial services firm with 10,001+ employees
Real User
Leaderboard
A reliable, scalable product for security and auditing of our mainframe environment
Pros and Cons
  • "Logging and monitoring are most valuable. It is for the mainframe environment, and it is at the forefront for security and resilience."
  • "They can work on its ability to work in a distributed environment. It's a mainframe product. As many companies move to the cloud, depending on what cloud models they choose, such as a public, hybrid, or private cloud, it should be deployable. I am not sure if it can be deployed on those platforms. It has been there since the '50s or '60s, and it's still scalable. It has survived all these years, and it's scalable to many platforms, but I don't know about the cloud."

What is our primary use case?

We use it in our company for our mainframe. It is used for authenticating users and giving users access to profiles and various resources. So, it is for authentication and giving access to users, and it also does logging and things like that.

It is currently hosted in-house. We are using its latest version. We are always on current versions.

How has it helped my organization?

It captures and helps with security. You get some type of audit trails using which you could do a follow-up. There are certain tools that you can configure to produce different types of metrics for senior management for making decisions. These are the ways in which it has helped us.

What is most valuable?

Logging and monitoring are most valuable. It is for the mainframe environment, and it is at the forefront for security and resilience.

What needs improvement?

They can work on its ability to work in a distributed environment. It's a mainframe product. As many companies move to the cloud, depending on what cloud models they choose, such as a public, hybrid, or private cloud, it should be deployable. I am not sure if it can be deployed on those platforms. 

It has been there since the '50s or '60s, and it's still scalable. It has survived all these years, and it's scalable to many platforms, but I don't know about the cloud.

For how long have I used the solution?

I have been using this solution since 2003. I was working at a different company, and I used it there. We also use it in my new company. It is our security platform.

What do I think about the stability of the solution?

It is very stable, but it also depends on the system administrators who configure the product. As long as it is configured with security in mind, it's a stable product.

What do I think about the scalability of the solution?

It is scalable. Many people can be deployed on it. It has been used ever since I've been here.

It is providing security for all mainframe environments. We have 2,000 employees. For authenticating to the applications on the mainframe, everyone has to go through ACF2. When people leave the company, we have to delete the users. When people come in or change roles, they go through ACF2. This is our main security manager.

How are customer service and support?

I am not on the development side, so I don't interact with them, but it looks like a stable product. We probably get the best technical support.

How was the initial setup?

It was straightforward. I'm not in the division that deployed it. I only reviewed the security assessment on the product.

What about the implementation team?

There are some in-house developers, and there is also a consultant who comes from the product team. They coordinate together to put the product in place.

What other advice do I have?

It is a good product. It has been used for years. As long as it is configured correctly, it is a very stable product. It depends on how an institution or a company configures it. It depends on an institution's risk appetite. You need to make sure it is configured as per the concept of least privilege, and the logging features, detection and control mechanism, and other things like that are enabled. If you configure it to give access to the public, then there could be compromises. You should also have someone who independently checks it to make sure that it is configured keeping security in mind.

If it has been configured for a while, when there are enhancements to the product or when you enhance it, you need to make sure that security is also looked at, and it is configured according to an institution's security policies.

I would rate it a nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user