IBM Z and LinuxONE - IBM Z - Group home

New education available for zERT Policy Enforcement

By Xiao Xia Mao posted Mon January 17, 2022 02:27 AM

z/OS Encryption Readiness Technology has been part of z/OS since V2R3, providing a detailed SMF audit trail of the cryptographic network protection and authentication attributes for all the TCP connections that terminate on the local z/OS TCP/IP stack.  The z/OS community quickly adopted and implemented zERT on their systems to gain a clear understanding of the strengths and weaknesses in their z/OS network security protection. 

With V2R5, we have taken zERT to the next level – from a simple audit trail to active, real-time monitoring of cryptographic network protection and authentication through user-configured rules and actions. zERT policy-based enforcement is configured through a new perspective of the z/OSMF Network Configuration Assistant (NCA).  The z/OS Communications Server Policy Agent installs the NCA-generated rules into the TCP/IP stack.  

A new online course shows you how to configure and manage your zERT policy rules easily and intuitively with the NCA, and also awards an open badge. Get started here. After completing this course, you will be able to use the NCA to create various objects and rules in zERT, install rules to policy agents, and use NCA reports to analyze your NCA zERT configuration. 

NCA badge

For more information about zERT and zERT policy-based enforcement, see the following blogs: