TAPECOM labels tapes and handles labeled-tape requests in a labeled-tape environment. TAPECOM processes labeled-tape requests from other utilities such as BACKCOPY, BACKUP, and RESTORE.
Caution | A tape label is a record at the beginning of a tape that identifies the tape volume. |
The system operators need to use TAPECOM to:
Monitor labeled-tape messages
Display requests to mount tapes or to use tape drives
Accept or reject tape mount requests or requests to use tape drives
Display the status of tape drives
Label or relabel tapes in ANSI or IBM format
Create scratch tapes
Other users use TAPECOM to display:
The status of tape drives
The requests to mount tapes or to use tape drives
On G-series operating system, labeled-tape operations are managed via MEDIACOM, which is part of the Distributed Systems Management/Tape Catalog (DSM/TC) software system.
AP-ADVICE-TAPECOM-01 On G-series operating systems, MEDIACOM must be used for labeled-tape operations.
AP-ADVICE-TAPECOM-02 The Corporate Security Policy should detail procedures for validating requests for backup tapes and securing those tapes in a tape library.
AP-ADVICE-TAPECOM-03 Physical and procedural protection of the backup tapes is vital .
AP-ADVICE-TAPECOM-04 Access to TAPECOM should be the same as access to other tape utilities.
AP-ADVICE-TAPECOM-05 Access to TAPECOM should be restricted to users authorized to manage labeled tapes.
BP-FILE-TAPECOM-01 TAPECOM should be secured "UUNU".
BP-OPSYS-LICENSE-01 TAPECOM must be LICENSED.
BP-OPSYS-OWNER-01 TAPECOM should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 TAPECOM must reside in $SYSTEM.SYSnn.
If available, use Safeguard software or a third party object security product to grant access to TAPECOM object files to necessary personnel, and deny access to all other users.
BP-SAFE-TAPECOM-01 Add a Safeguard Protection Record to grant appropriate access to the TAPECOM object file.
TAPECOM allows users access to copy or destroy sensitive data on tape media. All of the commands in the following list manipulate tapes or the tape library.
ACCEPT
CLEAR BLPCHECK
CLEAR NLCHECK
DUMPLABELS
LABEL[IBM]
NEXTTAPE
REJECT
RELABEL[IBM]
SCRATCH
SET BLPCHECK
SET NLCHECK
UNLABEL
USETAPE
If a third party access control product is used to grant selected users access to TAPECOM, only the commands listed should be granted to privileged users. All other commands should be available for general use.
3P-ACCESS-TAPECOM-01 Use a third party access control product to allow the users responsible for using TAPECOM commands access as SUPER.SUPER.
3P-ACCESS-TAPECOM-02 Use a third party access control product to give the use of certain TAPECOM commands to a limited group of users only.
Discovery Questions | Look Here: | |
---|---|---|
OPSYS-OWNER-01 | Who owns the TAPECOM object file? | Fileinfo |
OPSYS-LICENSE-01 | Is TAPECOM licensed? | Fileinfo |
FILE-POLICY | Who is allowed to execute TAPECOM, BACKUP and RESTORE on the system? | Policy |
FILE-TAPECOM-01 | Is the TAPECOM object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
Related Topics
BACKUP
DSM/TC
RESTORE