If you have Extra-Sensory Perception, then you’ll know that the ESP I’m talking about here is Enhanced Security Profiles. More specifically, it’s Enhanced Security Profiles for OS 2200, a service introduced about eight years ago by the Unisys USA Client Support Center. ESP gives you the ability to enforce virtually any OS 2200 password rules you want for TIP Session Control, Demand, and Business Information Server (BIS) logons.
For example, ESP can enforce any of these requirements that might be part of your company’s password policy:
You can also display the password strength when a user enters a password and give the user the option to use that one or try again.
ESP enforces the password policy using a custom Authentication Module that plugs into the OS 2200 User Authentication product (called FLEX for short, based on its original name: Flexible User Authentication).
Several of the early adopters of ESP used it to make their OS 2200 password policy comply with requirements from the Payment Card Industry Data Security Standard – requirements that cannot be met with standard Exec password enforcement.
ESP evolved in response to the requirements of clients who subscribed to this service, taking its capabilities beyond the focus on the password syntax and tracking password reuse to offer choices of lifecycle policies and operational settings. Here are a few of the options:
ClearPath OS 2200 Release 15 includes the next step in the evolution of ESP. In this release, the features of the ESP service have been incorporated into Configured Password Profiles (CPP). CPP is delivered as Authentication Module 19 (AM19) with FLEX, and its administrative interface is part of Apex, a new product introduced in Release 15.
From a business standpoint, the most significant difference between ESP and CPP is that CPP is now a standard product release, not a custom service. The ESP design and code became the starting point for CPP, with license management code removed; CPP support follows the same processes as the rest of Release 15. Furthermore, when your password policy changes, instead of contacting the Client Support Center to make changes to your ESP configuration, your own administrator makes changes to the CPP configuration using Apex. Current ESP users can use ESP and CPP concurrently as they make the transition to CPP.
By offering Configured Password Profiles as a standard product, we hope to increase awareness of this powerful feature set while boosting the security capabilities of the standard ClearPath OS 2200 release.
For more information about Configured Password Profiles, refer to the ClearPath OS 2200 User Authentication Administration Guide (7850 4586–008) and the ClearPath OS 2200 Apex Help (8207 4154).