On April 11, 2020, a new service stream enhancement (SSE) to zSecure 2.4 became generally available, providing additional compliance control automation (in particular for the RACF protection of product resources) and assorted usability improvements.
Background
Mainframes continue to be the home for mission-critical information and essential business production applications in many organizations due to the strong heritage of integrated security support capabilities across hardware, operating system, software and applications. Resource Access Control Facility (RACF) is the foundational IBM package provided for protecting Z.
IBM Security zSecure suite builds on the security support in IBM Z, z/OS and RACF to enhance mainframe security capabilities. CA ACF2 is an alternative to RACF; several zSecure components also work with this external security manager.
IBM Security zSecure Audit helps review the security of the system in various ways, e.g. by formatting event log records from the System Management Facilities (SMF) and by running evaluations against compliance standards such as the Security Technical Implementation Guides (STIGs) from the United States Defense Information Systems Agency (DISA). The IBM Security zSecure Adapters for SIEM provide a functional subset to send enriched SMF information to SIEM solutions such as IBM QRadar SIEM.
Benefits
The SSE for zSecure 2.4 released in April 2020 provides
- automatic recognition of many more sensitive resources;
- automation of DISA STIG RACF compliance controls, with a focus on the protection of product resources (for IBM System Display and Search Facility, IBM Z Netview, several BMC products, CA Roscoe, Compuware Abend-AID, Rocket Software Catalog Solution, and Vanguard Security Solutions);
- new compliance whitelist members for the names of started tasks of various products;
- support for DISA STIG release 6.43;
- performance enhancements for the processing of ACF2 access controls;
- more CA 1 specific settings in the Tape reports and updates to the Sensitive data sets reports;
- a new WTO message to highlight the start of real-time event security monitoring;
- an output format DEC$DIGITS to format numbers with leading zeroes; and
- serviceability improvements, including the option to adjust the return code of message CKR1322 (unrecognized segment name in the RACF templates).
A technote has been made available to describe the details.
Prerequisites
To fully benefit from these enhancements the following is required:
* IBM Security zSecure Audit 2.4, or one of the zSecure Compliance solutions
* PTF UJ02585 for APAR OA59004 (this updates code shared among most zSecure components)
* PTF UJ02598 for APAR OA59006 (this updates code specific to the ACF2 features)
Migration
Re-run the CKAZCUST job to add the new compliance framework configuration members to your CKACUST data set.
To activate the proper auditing of various product resources, review what SIMULATE SUBSYS specifications are needed to indicate the configurations of the products.
If you have any questions, please ask them here or on the zSecure support forum. The IBM Security zSecure today article serves as a starting point to reach all the latest zSecure announcements.