Today, I am happy to announce the General Availability of IBM Z Security and Compliance Center 1.2.0 and IBM LinuxONE Security and Compliance Center 1.2.0. The enhancements in this release provide broader regulatory coverage, substantial usability enhancements and performance benefits to clients. With this release we are introducing:
· Host-defined profiles feature
· A complete revamp of the Access Management user interface
· Additional pre-defined profiles for Linux on Z and IBM z/OS
· New SMF1154 data providers support
· Additional goals for both z/OS and Linux on Z operating systems
Host-defined profile feature for DISA STIG scans
zSCC users can use the pre-configured DISA STIG profile to run compliance scans through the host-defined profile feature. Once a compliance scope is created, a zSCC user can enable the host-defined profile with the toggle option in the scope UI. zSCC then fetches the pre-configured IBM z/OS DISA STIG profiles via z/OS Compliance Integration Manager during the next discovery step.
Figure 1. Scope view with host-defined profile option
The imported host-defined profiles can be viewed as a listing in the Profiles section within zSCC. These profiles have the same name and version number that is configured in IBM z/OS systems.
Figure 2. List of profiles including STIG profiles imported from IBM z/OS
With the host-defined profile feature, clients can run automated compliance validation scans in zSCC using the imported profiles and view the detailed results in zSCC.
Figure 3: DISA STIG Scan result
IBM z/OS Compliance Data Coverage Enhancements
This release extends compliance data collection with SMF1154 for XCF and JES2. zSCC will be able to collect and validate compliance data points from XCF and JES2 for various regulatory profiles such as PCI DSS, CIS Controls and NIST SP800-53. Additional goals have been implemented in zSCC for IBM z/OS and its subsystems, which brings the pre-defined goals for IBM z/OS in zSCC to approximately 700+ goals.
Linux on IBM Z Compliance Data Coverage Enhancements
This release extends compliance coverage for the Linux on IBM Z operating system with support for Red Hat Enterprise Linux (RHEL) 9. zSCC will be able to collect compliance data points from the RHEL 9 operating system and validate them against CIS benchmarks.
NIST SP800-53 R5 and PCI DSS v.4.0 pre-defined profiles
This release adds pre-defined profiles for NIST SP800-53 Revision 5 and PCI DSS v.4.0 compliance. Moving forward, clients can use these pre-defined profiles to automate compliance scans with the predefined set of goals.
Additional language support
Clients across different geographies can get a unified user experience in the zSCC User Interface with the help of built-in translation in the zSCC UI. With a simple drop-down menu, clients can easily switch to any of the supported languages listed.
Figure 4: IBM Z Security and Compliance Center UI in Chinese (Traditional)
Easy-to-use Access Management interfaces
Compliance administrators can easily add, delete and update users with different roles in a simplified user interface. Clients can also configure zSCC to use an enterprise LDAP to manage users and roles.
IBM Z Security and Compliance REST API Documentation
Users can take advantage of the REST APIs that are built in as part of the solution. The API documentation is available together with the product in Swagger format, which lets clients try out the APIs from a web browser or with curl commands.
Enjoy the feature-rich new release!
IBM Z Security and Compliance Center documentation: Link
IBM zSecure Audit 3.1 documentation: Link