In today's complex hybrid enterprise landscape, protecting sensitive data and ensuring continuous regulatory compliance is more crucial than ever. IBM Z systems, with their unparalleled performance and security, play a crucial role in serving business-critical transactions and protecting sensitive data. However, with increasingly sophisticated cyber threats and a changing regulatory landscape, organizations must proactively safeguard their Z environments. To address this growing need, IBM has been working tirelessly to enhance the security and compliance capabilities of its Z systems.
IBM Z Security and Compliance Center (zSCC) v1.3 was announced on July 22, 2025 and is planned to become available on September 30, 2025. You can read the announcement letter here. This release represents a significant milestone in this effort, offering improved compliance management. This new release also enables monitoring enterprise-wide compliance posture including IBM Z. In this post, we'll dive into the new features and enhancements in this release and explore how they can help organizations better protect their Z investments and stay ahead of the threats.
IBM Z Security Center: Where Products Come Together to Simplify Security
To help you easily discover and deploy IBM's security products tailored to your mainframe needs, we've introduced the IBM Z Security Center. This centralized platform provides a comprehensive catalog of security solutions, each with a clear and concise description of its capabilities and fitment. Solutions can be easily installed from the catalog using an entitlement key, and a guided configuration process simplifies the onboarding process. With this latest update, the catalog now features two exciting new products: the Compliance Center and Z Crypto Discovery and Insights.
From Siloed to Integrated: How IBM Concert integration enhances regulatory compliance posture management across the enterprise
IBM Concert is the connective tissue that harmonizes data from disparate tools and environments, transforming it into actionable knowledge that improves operational risk and resilience, while freeing up teams to focus more on innovation. By eliminating the uncertainties created by siloed systems, IBM Concert provides a unified view across key areas, including application resilience, vulnerability management, certificate health, and regulatory compliance. The latest release of IBM zSCC feeds Z-specific NIST and PCI-DSS regulatory compliance posture data into IBM Concert, simplifying enterprise-wide compliance posture.
Building a Compliance Solution that Fits: Customizing zSCC for Your Needs with Custom Goals Support
zSCC offers flexibility to create custom profiles that meet an organization's regulatory requirements. With this new release, it extends this flexibility to support custom goals, enabling organizations to define, track, and enforce compliance checks tailored to their internal policies, specific audit needs, or unique business priorities. Instead of being limited to out-of-the-box goals, administrators can create technical checks, including specifying components such as RACF or JES2, SMF data fields, logical conditions, severity levels, and messages that align precisely with internal standards. These custom goals can be bundled into profiles and included in validation scans, allowing teams to monitor controls that are uniquely relevant to their organization and thereby enhancing oversight, streamlining audit readiness, and strengthening overall security posture.
Compliance Refresh: Staying Current with Regulatory Changes
As with each new release of zSCC, this release delivers updates and refreshes to regulatory profiles, ensuring compliance with evolving regulations. Below is the complete list of updates:
- A new predefined profile is added for the Center for Internet Security (CIS) controls benchmark CIS IBM Db2 for z/OS.
- DISA STIG profile updates
  - IBM z/OS RACF STIG
    - RACF_zOS_STIG_8.14
    - RACF_zOS_STIG_9.01
    - RACF_zOS_STIG_9.02
    - RACF_zOS_STIG_9.03
  - IBM z/OS ACF2 STIG
    - ACF2_zOS_STIG_8.15
    - ACF2_zOS_STIG_9.01
    - ACF2_zOS_STIG_9.02
    - ACF2_zOS_STIG_9.03
  - z/OS RACF Product STIG
    - RACF_CL_SS_STIG_6.14
    - RACF_WAS_STIG_6.02
    - RACF_ROSCOE_STIG_6.09
  - z/OS ACF2 Product STIG
    - ACF2_CL_SS_STIG_6.14
    - ACF2_ROSCOE_STIG_6.10
    - ACF2_zSecure_STIG_1.1
Other updates and enhancements
- Secure LDAP Support: The latest update to zSCC introduces support for secure LDAP (LDAPS) connections, enabling administrators to securely upload and manage certificates required for encrypted authentication, ensuring protected access to sensitive resources.
- Enhancements to z/OS PCI DSS Profiles: The latest update to zSCC includes new goals for security patch validations in accordance with PCI DSS 3.2.1 for z/OS and PCI DSS 4.0, ensuring organizations are equipped to meet the latest compliance standards.
- Enhanced Diagnostics: Administrators can now leverage the Request logs feature to troubleshoot errors in IBM Z Security and Compliance Center. This new capability allows for the download of first failure data capture (FFDC) information in a compressed file, providing valuable insights to aid in error identification and resolution.
- Expanded Compliance Coverage: The new version of zSCC empowers administrators to expand compliance coverage by importing custom resource types, allowing you to extend zSCC's scanning capabilities to new areas, including non-IBM components and custom applications, that may not be covered by the default resource types.
IBM Z Security and Compliance Center V1.3 brings exciting new capabilities to simplify and enhance security and compliance for IBM Z systems. With IBM Z Security Center, organizations can now easily discover, install, and configure security products, making it easier to implement and manage security solutions that fit their requirements. The ability to customize the solution with custom goals, and updates to address regulatory changes, also enables organizations to build a compliance solution that fits their unique needs. Furthermore, the integration with IBM Concert helps facilitate enterprise-wide compliance posture management, enabling organizations to manage compliance posture across the enterprise, including IBM Z, in a single place. By staying current with the latest updates and enhancements, businesses can ensure their systems are secure, compliant, and ready for the challenges of the future.
Further reading
Additional details can be found in Documentation.