IBM Information Management System (IMS) - Group home

IMS Support for Z Security and Compliance Center

By Sanjay Kaliyur posted Tue June 21, 2022 12:39 PM


Monitoring security and adhering to compliance standards are increasingly challenging for our customers, who tell us that gathering and validating evidence to demonstrate compliance for audits is a significant pain point. Our customers have the additional challenge of translating and interpreting compliance requirements, which are often written in the context of a distributed environment, to fit with the IBM zSystems platform in order to properly demonstrate compliance to auditors. 

With the new IBM Z Security and Compliance Center in IBM z16, we have delivered a solution to alleviate these issues. The IBM Z Security and Compliance Center delivers a centralized, interactive dashboard to view the compliance posture of your zSystems environment in real time. A key feature of the IBM Z Security and Compliance Center is the automation of the collection and validation of evidence against a specific set of regulatory controls. The system itself, from the hardware, operating systems, middleware, and application platforms, transparently generates the evidence on demand.

So, how does it work?

The dashboard, which displays the collected evidence, will assess the evidence and determine whether the environment is compliant with a set of controls and if not, will recommend steps to remediate the issue for each control. With these capabilities, clients can check the regulatory posture of their environment on demand to ensure continuous compliance. Predefined profiles will identify potential deviations through built-in goal validation that help demonstrate to auditors the details around the severity of controls deviations from PCI-DSS and NIST SP800-53.

IMS and the IBM Z Security and Compliance Center

IMS Operations Manager (OM) and IMS Connect address spaces have configuration parameters that are compliance audit related.  These settings are kept in internal control blocks that are not accessible externally. In IMS 15 after APAR PH42600, OM and IMS Connect address spaces copy and consolidate internal compliance audit settings into new source-shipped control blocks. These address spaces provide the address of their compliance data blocks via a z/OS name/token with a specific, documented name of "BPECOMPLIANCEDAT". Macros mapping these blocks are included in the IMS SDFSMAC data set. Any product that performs security audit compliance checks may use these new compliance data blocks to obtain the previously inaccessible compliance audit data from OM and IMS Connect.

One such product, IBM Security zSecure Suite 2.5.0 with APAR OA63173 (PTF UJ08291), will capture the compliance data in the OM and IMS Connect blocks (as well as from blocks in the IMS control region), and make it available for compliance tests and display under ISPF or in batch reports. The IBM Z Security and Compliance Center externalizes this data to SMF 1154 subtype 85, 86, and 87 records and uses the SMF 1154 records to evaluate an installation's compliance state, which can be displayed on the IBM Z Security and Compliance Center dashboard.

Security and compliance are big focus areas for IMS and we put a lot of investment into ensuring synergies between IMS and the great initiatives that are available through the zSystems platform, like the IBM Z Security and Compliance Center. With support for this new product, IMS customers can rest easy knowing that their upcoming security and compliance audits will be smoother and less stress-inducing than before.

To learn more about the IBM Z Security and Compliance Center, please visit this page on the IBM website. If you’d like to learn more about IMS and view the great educational content our team has made available, please visit IMS Central.