IBM is constantly enhancing functions or adding new functions to RACF. Read on:

  • Password Security Enhancements

    A number of significant enhancements to password and password phrase security are available with new function APAR OA43999 on z/OS V1.12 and higher! These new functions include:
    • A stronger encryption algorithm for passwords and password phrases

    • Support for 14 additional special characters in passwords

    • The ability for a user to have a password phrase without a password
    • A new password syntax control that requires a password to contain at least one character from each of four different categories: upper case letters, lower case letters, numeric digits, and symbolic characters

    • The ability to expire a user's password without changing its value

    • An ALTUSER command function to "clean up" after lowering the SETROPTS(PASSWORD(HISTORY(nn)) value.

Details on this new function can be found at

  • New and Updated RACF Health Checks

    With new function APARs OA44696 and OA45608 RACF is:

    • Updating the RACF_SENSITIVE_RESOURCES check to examine the access protections on your ICSF data sets

    • Introducing the RACF_PASSWORD_CONTROLS check to examine your setting for password history, mixed case passwords, and the maximum number of days that a password or password phrase is valid

    • Introducing the RACF_ENCRYPTION_ALGORITHM check to examine the return codes from your ICHDEX01 exit to ensure that at least DES-only encryption is being used for passwords and password phrases on your system.

  • z/OS Version 2 Release 1

    z/OS V2.1 is available! This release includes these new RACF functions:
    • IPv6 and transport layer security (TLS) 1.2 cipher suite support for the RACF Remote Sharing Facility (RRSF).
  • TCP/IP support for the RACF Remote Sharing Facility (RRSF)
  • Support hardware-generated Elliptic Curve Cryptography (ECC) secure keys
  • RACF support is planned for generating Elliptic Curve Cryptography (ECC) secure keys using the Crypto Express3 Cryptographic Coprocessors (CEX3C) available for zEnterprise servers.