IBM Security zSecure Manager for RACF z/VM 1.11.2 was announced this week at IBM Interconnect 2015 with a planned availability date of March 13, 2015. This release is based on IBM Security zSecure Suite 2.1.1 (for z/OS) and introduces the zSecure Audit Compliance Testing Framework to the z/VM operating system.
Background
Mainframes continue to be the home for mission critical information and essential business production applications in many organizations due to the strong heritage of integrated security support capabilities across hardware, operating system, software and applications. In addition, many industries have security standards and compliance regulations such as HIPAA (Health Insurance Portability and Accountability Act) for healthcare, PCI-DSS (Payment Card Industry-Data Security Standards) for retail, and SOX (Sarbanes-Oxley Act) and others for financial institutions that require special security controls and auditing. The Security Technical Implementation Guides (STIGs) from the Defense Information Systems Agency (DISA) are often used by government and commercial customers as technical guidance to "lock down" information systems and software that might otherwise be vulnerable to a malicious computer attack.
IBM Security zSecure for z/OS builds on security provided in z/OS and Resource Access Control Facility (RACF) to enhance mainframe security capabilities. The z/VM mainframe operating system is a hypervisor; z/OS instances can run under z/VM. RACF for z/VM and IBM Security zSecure Manager for RACF z/VM provide additional security capabilities for z/VM to help you secure the entire software stack.
The CARLa Auditing and Reporting Language (CARLa) is the common query language employed by zSecure Admin, zSecure Audit, zSecure Manager for RACF z/VM, zSecure Alert, and zSecure Adapters for QRadar SIEM.
Benefits
IBM Security zSecure Manager for RACF z/VM 1.11.2 is based on IBM Security zSecure Suite 2.1.1 (for z/OS), thus providing enhancements that were made for zSecure for z/OS 1.13.1, 2.1.0, and 2.1.1 that apply to the z/VM environment.
The most notable of these features is the zSecure Audit Compliance Testing Framework introduced in zSecure 1.13.1 with the extensions to the user interface and configuration options provided by 2.1.0 and 2.1.1, allowing you to define your own security standard and report on compliance with it. A number of RACF STIG compliance controls as employed in zSecure Audit 2.1.1 are provided as CARLa samples.
This release provides currency with z/VM V6R3. Edit: Meanwhile, z/VM V6R4, z/VM 7.1, and z/VM 7.2 support has been added
A summary of the enhancements in this release can be found in the Knowledge Center on the What's New page.
Migration
zSecure Manager for RACF z/VM 1.11.2 no longer provides service for z/VM V6R1 (which is out of support). Note that z/VM V5R4 is stil supported.
Interoperability
Data collected on z/VM by IBM Security zSecure Manager for RACF z/VM can be processed on z/OS by IBM Security zSecure Admin and Audit. The z/OS products are instrumented to help you view the z/VM data and reports and support combined analysis.
Further reading
There is no announcement letter for this modification release. You can look at the product page for a description of all available features.
For an overview of the zSecure suite as a whole, look here.
If you have any questions, please post them here or on the zSecure support forum. The current zSecure for z/OS release is 2.1.1. The IBM Security zSecure today article serves as a starting point to reach all the latest zSecure announcements.
Edit: The current release is zSecure Manager for RACF z/VM 2.5.1
Edit: zSecure for z/OS 2.5 is available
Edit: Added link to What's new page
Edits: Added references to z/VM 6.4, 7.1, and 7.2 compatibility.
Edits: Removed references to obsolete content and broken links