z/OS Communications Server - Group home

Things you should know about z/OS Encryption Readiness Technology (zERT)

By Flora Gui posted Tue December 31, 2019 03:35 AM

zERT_new_header.pngCheck out this survey to provide your feedback on zERT.

z/OS Encryption Readiness Technology (zERT), a core capability of IBM Z pervasive encryption, is an important feature of z/OS V2R3 Communications Server.

zERT provides intelligent network security discovery and reporting capabilities by monitoring TCP and Enterprise Extender traffic for TLS/SSL, IPsec and SSH protection, as well as cleartext. It also writes information about the state of that protection to new SMF 119 records. Moreover, IBM zERT Network Analyzer, a new web-based interface on z/OSMF, available since December, 2018, helps you determine which z/OS TCP and Enterprise Extender traffic is or isn’t protected according to specific query criteria.

What does customers say about zERT?

  • Finanz Informatik
    • “zERT brings all the requested information that we need for our security business and to achieve our described security policy. I am using the zERT Reports in my daily business. For us, zERT is a big relief!"
    • “We have used the zERT aggregation records to totally eliminate the TLS 1.0 protocol and SHA1/HMAC suites. zERT reporting also enabled us to find various problems in environment settings and configurations. I think we never would have had a chance to do this without the zERT support!”

  • Fiducia & GAD IT AG
    • “Fiducia & GAD IT AG is in the process of enabling z/OS Enterprise Readiness Technology (zERT) to monitor and record the cryptographic protection attributes of network connections terminating on z/OS. With zERT, Fiducia & GAD IT AG can determine which of the connections are properly or improperly configured. This could potentially help the company in its efforts to simplify compliance reporting.

zERT Articles

zERT Videos

Watch the videos to learn about zERT:

zERT Badge

Check out the following zERT badge and start your learning

This badge earner has the knowledge and foundational understanding of configuring zERT Policy Enforcement using the IBM Configuration Assistant for z/OS Communications Server (NCA). This individual can create various objects and rules in zERT, install rules to policy agents, and use zERT reports to analyze their NCA zERT configuration.

zERT Documentation

Read the zERT documentation to learn about the technical details of zERT:

IBM zERT Network Analyzer is a web-based graphical user interface that z/OS network security administrators can use to analyze and report on data reported in zERT Summary records.

For more hands-on details of IBM zERT Network Analyzer, see IBM zERT Network Analyzer tutorial.

zERT aggregation provides an alternative SMF view of the collected security session data in the form of  SMF 119 zERT Summary (subtype 12) records that summarize the repeated use of security sessions by many application connections over time.  zERT Summary records are written at the end of each SMF interval. Compared to zERT discovery alone, zERT aggregation can significantly reduce the volume of SMF records while still providing the critical security information.

zERT discovery discovers the network encryption attributes for each TCP and Enterprise Extender connection by positioning the z/OS TCP/IP stack as a central collection and reporting point for the cryptographic protection attributes for TLS, SSL, SSH, and IPSec security sessions.

zERT Events

The following mainframe events include sessions about zERT:

  • 2020
    • 2020 Winter SHARE Conference: 02/23 - 02/28, 2020, Fort Worth, Texas
      • Pervasive Encryption: Get a Grip on Your z/OS Network Encryption with zERT (Al Chakra, Chris Meyer)
  • 2019
    • Vanguard Security and Compliance 2019: 09/30 - 10/03, 2019, Charlotte, NC
      • Getting a Grip on Your z/OS Network Encryption (Chris Meyer)
    • IBM Systems Technical University: 10/7 -10/11, 2019, LasVegas
      • Pervasive Encryption: Get a Grip on Your z/OS Network Encryption with zERT (Sam Reynolds)
    • 2019 WW IBM Z Security Conference: 10/15 - 10/19, 2019, Montpellier, France
      • z/OS Communications Server V2R4:  Network Security Update (Joshua Bennetone)
    • 2019 Summer SHARE Conference: 08/04 - 08/9, Pittsburgh
      • Pervasive Encryption: Get a Grip on Your z/OS Network Encryption with zERT (Chris Meyer)
      • z/OS Communications Server Network Security Overview (Chris Meyer)
    • 2019 Winter SHARE Conference: 03/10 - 03/15, Phoenix, Arizona
      • Is your z/OS network traffic properly encrypted? zERT has the answer (Chris Meyer)
      • Using zERT to determine how secure your network really is (Stephen Norris - CA Technologies)
  • 2018

zERT Webinar

Using Network Configuration Assistant to configure zERT Policy Enforcement

Time: 10/28/2021 11:30 EDT

Speaker: Mike Fox

Learn more details and watch the webinar recording here.

z/OS Encryption Readiness Technology goes live!

Time: 10/27/2021 9:30 EDT

Speaker: Navya Ramanjulu

Learn more details and watch the webinar recording here.

Getting a grip on your z/OS network encryption!

Time: 12/9/2019 2:00 PM EST (11:00 AM PST)

Speaker: Chris Meyer

Learn more details and register to watch the webinar recording here.

Time: 2/26/2019 11:00 AM EST

Speaker: Chris Meyer

Duration: 60 minutes

Learn more details and register to watch the webinar recording here.

zERT Presentation

The following technical session presentations will provide more details on zERT:

For questions about zERT, email comsvrcf@us.ibm.com.