Kentucky-Ohio-Indiana RACF Users Group


General Information:

KOIRUG was created in 2003 to serve the professional education needs of the RACF community in Kentucky, Ohio, and Indiana. We typically hold full-day meetings twice a year. KOIRUG usually meets in the Cincinnati area.


Points of Contact:

Barb Rhoads, Cincinnati Financial

Sandra Carroll, Nationwide

Jay Burrows, Transamerica

Bob Hansel, RSH Consulting, Inc.


Upcoming Meeting:


Thursday, May 9, 2019  ***  Sponsored by SSH and SDS


Location: Cincinnati Financial Corporation

6200 S. Gilmore Rd., Fairfield, Ohio 45014


Time: 9 a.m. - 3:30 p.m.          (Registration begins at 8:30 a.m.)


Cost: ** Free **



Advanced Registration is requested to ensure sufficient refreshments and handouts are available.


To register, click on the following link.

Eventbrite - KOIRUG Spring 2019


To request WiFi access at the meeting, please email KOIRUG-WiFi.


To notify us of a registration cancellation, please email KOIRUG-Cancellation.



Certificate 101

     Sandra E. Carroll, Nationwide

Securing your FTP Transmissions on z/OS

     Colin van der Ross, SDS

RACF Healthchecks

     Robert S. Hansel, RSH Consulting

High Expectations: Our Systems are (or could be) Like Airplanes

     Mark Nelson, IBM

What’s New in RACF in z/OS V2R4?

     Mark Nelson, IBM




Certificate 101

This is an overview of certificates. We will discuss what a certificates role is, how they are used and misconceptions of their use Lifecycle of a certificate. Issuing, renewing, revocation including a certificate revocation list (CRL). Basics of use with TLS and AT-TLS.


Securing your FTP Transmissions on z/OS

FTP is a readily available, convenient, and inexpensive technology to transfer files and data sets between z/OS and a virtually unlimited number of other operating system platforms. This session will explore a wide range of aspects related to how FTP works on z/OS with a focus on how you can secure both the FTP environment itself and the individual data transfers that z/OS FTP participates in both as a client and as a server. We will discuss the following topics in this session.

Why is FTP so Vulnerable?
Know Which Problem You Need to Solve
Discuss the Pros and Cons of each solution
Discuss when and where it makes sense to use / implement each solution
Time permitting a live demo of one of the solutions we discussed


RACF Healthchecks

Learn about the Healthchecks for RACF. Bring the output from the following z/OS Healthcheck report utility for review during the presentation. Request that all RACF Healthchecks be activated before the report is generated, especially the report "Sensitive General Resources Report".

//jobname JOB (account),'username',CLASS=x,MSGCLASS=x

High Expectations: Our Systems are (or could be) Like Airplanes

The information technology industry and the aviation industry have many common characteristics: Both are about the same age, both have enjoyed explosive growth, both serve a mix of uses, both are a complex combination of people, processes and technology, and both are essential to our way of life. Can we as information security practitioners learn from the aviation industry to help us better manage our environments?


What’s New in RACF in z/OS V2R4?

In this session, we’ll discuss the new RACF features that are in the z/OS V2.4 Preview Announcement that are of interest to all RACF installations, specifically:
• PassTicket Enhancements
• Custom Fields Enhancements
• R_Admin & IRRXUTIL Enhancements
• ACEE Modification Detection
• Pervasive Encryption
• Identity Token Support



Sandra E. Carroll, Nationwide

Career in IT since 1986, starting in back office support, moving to Windows, RS6000 support then finally to Mainframe in 1999 where I became the one person for everything from OMVS to TCP/IP, IMS, DB2, MQ , TSS and WebSphere. Enjoyed TSS work and kept a security background working with ACF2 and RACF for then Bank one. Continued working on those to my current roll and Security Engineer where I earn my CISSP and work towards securing the mainframe environment. Security Engineering is the roll between a Security Architect (which I fill this role at times) and ID Administration.


Colin van der Ross, SDS

Colin van der Ross is a Senior Systems Engineer working at Software Diversified Services. His experience ranges from TCPIP, Network Management, Security and Network performance solutions. Prior to working for SDS, Colin worked at a large Bank where he was a Systems programmer specializing mainly on the network area for more than 20 years.


Robert S. Hansel, RSH Consulting

Robert S. Hansel is Lead RACF Specialist and founder of RSH Consulting, Inc. He began working with RACF in 1986 and has been a RACF administrator, manager, auditor, instructor, developer, and consultant. Mr. Hansel is especially skilled at redesigning and refining large-scale implementations of RACF using role-based access control concepts. He is a leading expert in securing z/OS Unix using RACF. Mr. Hansel has created elaborate automated tools to assist clients with RACF administration, database merging, identity management, and quality assurance.


Mark Nelson, IBM

Mark Nelson, CISSP, CSSLP, Senior Software Engineer, is a 37-year IBM veteran, having spent the past 32 years on the RACF Design team in Poughkeepsie, NY, working on auditing and data analysis (IRRDBU00, IRRADU00, RACFICE), RACF's Health Checks, RACF/DB2, support for encrypting access methods and RACF's support for digital certificates, among other projects. Mark started as student of electrical engineering at the Polytechnic Institute of New York (now a part of NYU) where he discovered the joy of programming on a System/360 Model 65 and quickly switched to computer science. .” Mark is a co-author of the book “Mainframe Security for Security Experts: An Introduction to RACF”. Mark was inducted into the zExchange Superheros in 2017 and is an adjunct instructor at Marist College on z/OS security. Mark is the director of the MHV IBM Club Chorus and a private pilot.



Barb Rhoads

 - Phone: 513-870-2000 x4457

 - Email: Barb_Rhoads@cinfin.com



Cincinnati Financial is located on S. Gilmore a short distance north of the I-275 Cincinnati Beltway at Exit 39. Look for Forrest Park Exit North (Cincinnati Mills mall (Bass Pro Shop)). Cincinnati Financial is approximately one block north of the shopping mall on the right.


See www.mapquest.com for more information to get to the Cincinnati Financial. (This link takes you right to the site map.)


Park in the Visitor's parking in the front of the building. If no visitor spots are available, you may use the parking in the rear of the building.


See the receptionist in the main lobby upon entry to the building to sign in. If you enter at either of the rear entrances, you will be escorted to the main lobby. From the main lobby, you will be escorted to the meeting location.


For questions related to the meeting location, contact Barb Rhoads

 - Phone: 513-870-2000 x4457

 - Email: Barb_Rhoads@cinfin.com




Hotels in the immediate vicinity of Cincinnati Financial:

Hampton Inn - 513-942-3440

Comfort Suites - 513-825-9035

SpringHill Suites Cincinnati North Forest Park - 513-551-5028



Past Meetings Agendas:

Dates, sponsors, topics, and speakers from our past meetings.


RACF is a trademark of International Business Machines Corporation.

Webpage provided courtesy of RSH Consulting, Inc.