IBM Security for Z

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

IBM Z Security and Compliance Center : New PCI DSS v4.0 profile support

By Pradeep Parameshwaran posted Fri March 03, 2023 07:32 AM

  

IBM Z Security and Compliance Center provides automated compliance checks based on a data-driven approach for the IBM zSystems and LinuxONE platform. The compliance posture is checked  by validating the collected compliance evidence based on  compliance profiles provided in zSCC. The compliance profiles are the mappings of compliance controls / sub requirements with the appropriate goals (checks) for various components in IBM zSystems and LinuxONE platform. IBM Z Security and Compliance Center v1.1.0 provides out of box pre-defined profile support for PCI DSS v3.2.1 (Payment Card Industry Data Security Standard), CIS V8 Controls and NIST SP 800-53r4 . In  March 2022, PCI Consortium published the PCI DSS v4.0 controls and emphasized on migrating towards the new standard. While PCI DSS v3.2.1 will remain applicable for next two years, Clients need to start their preparation to move to comply to the PCI DSS v4.0 standard.

PCI DSSS v4.0 support for zSCC

Today, we are adding the  PCI DSS v4.0 profile  into IBM Z Security and Compliance Center which enables clients to start their journey to begin the compliance checks aligning towards the PCI DSS v4.0. With the PCI DSS v4.0 IBM Z Security and Compliance Center provides the out of box mappings for a subset of PCI DSS v.4.0 controls to the zSCC goals of various components supported by zSCC.

Modern dashboard to view PCI DSS v4.0 Scan results.

With zSCC you can trigger scheduled (or) on demand scans for your IBM zSystems and LinuxONE environments and the results can be visualized at the control level. A zSCC user can view details around controls results based on the severity with an in depth view of controls failure by navigating through further options in the dashboard.

Figure 1. zSCC Control level results view for PCI DSS v4.0 profile

Figure 2: PCI DSS v4.0 controls vs goals mapping

In addition to the PCI DSS v4.0, the v1.1.0.6 release of zSCC will include additional goals for z/OS components for a broader coverage of compliance posture on z/OS.

To learn more about all the changes introduced with IBM Z Security and Compliance Center v1.1.0.6, please refer to the documentation here.

1 comment
22 views

Permalink

https://community.ibm.com/community/user/blogs/pradeep-parameshwaran/2023/03/03/ibm-z-security-and-compliance-center-new-pci-dss-v

Comments

Aayushi Sinha
Wed May 10, 2023 01:57 AM

Great news! The addition of PCI DSS v4.0 profile support to the IBM Z Security and Compliance Center is a significant milestone. This development showcases IBM's commitment to staying at the forefront of security and compliance in the ever-evolving digital landscape. By incorporating the latest standards, IBM Z continues to provide a robust and secure platform for organizations dealing with sensitive data. Kudos to the IBM team for continuously enhancing their offerings and helping businesses meet their compliance requirements. Cyber Security Training and Certification .This update is truly a testament to IBM's dedication to ensuring the highest level of security for their customers. Well done!