Control user ID and passwords for increased network security

Increase network security by limiting users to permitted applications via a user ID and password

NC-Pass enables you to increase network security by directing users via user ID and passwords to permitted applications only. NC-Pass gives you full control of logins, passwords and profiles from existing CA-ACF2, RACF, or CA-Top Secret databases. Plus, you can protect sensitive information by requiring users to provide additional personal token authentication information either at the application level, at the transaction level, or both.

  • Increase your organization’s security by permitting or denying connection to specific applications
  • Restrict terminal use to specific users and only for specific applications
  • Limit full use of SME facility to non-sensitive applications, unless allowed by SME table
  • Audit every action to central host, SMF or VSAM archive datasets


  • Flexible transaction-level interface (TLI) – NC-Pass broadens your organization’s security beyond the VTAM network front end to your user's business transaction. You can implement user authentication through the TLI from any point in the network by using the TCP/IP TLI.  You can also use the TLI to request user ID and password validation from within the transaction, thus protecting sensitive transactions in excess of a certain value.
  • Home node processing – NC-Pass databases can be held on individual nodes supporting definitions for users and terminals assigned to that node in multi-node networks.  Your users can specify the name of the machine to be authenticated if connecting to a node that is not their regular connection machine. Home node processing is especially beneficial on large networks where users need access from home and remote locations.

Choice of three levels of NC-Pass for MVS systems

For MVS systems, you can choose from three levels of NC-Pass:

  • NC-Pass VSSE (VTAM Session Security Exit) with the VTAM Session Management Exit (SME), you can allow only authorized connections. It controls which LU-to-LU sessions VTAM will allow or deny. Includes application-to-printer, peer-to-peer, terminal-to-application, and network job entry (NJE) sessions.
  • NC-Pass Secure gives your organization active network security and information protection by limiting users to permitted applications only, via user ID and passwords. It also includes the features of NC-Pass VSSE, enabling you to protect sensitive applications with user ID.
  • NC-Pass Authenticator incorporates the full range of NC-Pass Secure features, and also includes three-factor authentication using personal devices. This option allows you to validate a user's identity via a user ID, a personal device-generated code and a user-changeable password.


Software environment

  • IBM OS/390 or z/OS
  • IBM OS/390 Security Server (RACF)
  • CA-ACF2
  • CA-Top Secret
  • VTAM
  • JES2 and JES3


  • ActivCard X9.9
  • Defender
  • CryptoCard
  • Racal Safe S220
  • RSA SecurID
  • Digiline DigiPass
  • Defender Go-1 and Defender Go-3