Db2

I'm looking for information on Db2 for LUW security compliance for things like HIPAA, SOC, ITAR, IRAP, and FEDRAMP. I found an excellent resource for Cloud compliance but am looking for information about the on-premises Db2. I couldn't find it in the online Db2 v11.5 documentation. The online Db2 for Cloud documentation had information but not on-premises. #Db2

------------------------------
John Susag
------------------------------

Hi John,

did you already check the cis benchmark for db2 ?

The benchmark is "under control" of Greg Stager, the db2 security chief architect. So it is well observed ;-)

I have got good experiences with it wihtin my customers and the acceptance of CSOs :-)

KInd regards

Ferdinand

------------------------------
Ferdinand Prahst
------------------------------

https://www.cisecurity.org/benchmark/ibm_db2

Hi John,

SOC, IRAP and FEDRAMP are cloud specific, so you won't find anything for Db2 on-prem.

ITAR doesn't seem to be a security compliance or certification, rather a law that IBM needs to comply with.  I don't have any information on that.

HIPAA - it's not something a software product can be certified against, as it involves organizational controls.  However, I believe Db2 has the necessary technical controls that a company can successfully use Db2 in a HIPAA environment.

I hope that helps.