IBM Z Security and Compliance Center (zSCC) provides automated compliance checks based on a data-driven approach for the IBM zSystems and LinuxONE platform. The compliance posture is checked by validating the collected compliance evidence against the compliance profiles provided in zSCC. A compliance profile maps compliance controls and sub-requirements to the appropriate goals (checks) for the various components of the IBM zSystems and LinuxONE platform.

IBM Z Security and Compliance Center v1.1.0 provides out-of-the-box, predefined profile support for PCI DSS v3.2.1 (Payment Card Industry Data Security Standard), CIS V8 Controls and NIST SP 800-53r4. In March 2022, the PCI Consortium published the PCI DSS v4.0 controls and emphasized migrating towards the new standard. While PCI DSS v3.2.1 will remain applicable for the next two years, clients need to start preparing to comply with the PCI DSS v4.0 standard.
PCI DSS v4.0 support for zSCC
Today, we are adding the PCI DSS v4.0 profile to IBM Z Security and Compliance Center, which enables clients to begin running compliance checks aligned with PCI DSS v4.0. With the PCI DSS v4.0 profile, IBM Z Security and Compliance Center provides out-of-the-box mappings from a subset of PCI DSS v4.0 controls to the zSCC goals of the various components supported by zSCC.
Modern dashboard to view PCI DSS v4.0 scan results
With zSCC you can trigger scheduled or on-demand scans for your IBM zSystems and LinuxONE environments, and the results can be visualized at the control level. A zSCC user can view control results by severity and get an in-depth view of control failures by navigating through further options in the dashboard.