IBM Z and LinuxONE Security and Compliance Center
Take the complexity and ambiguity out of compliance audits with automated fact collection and clear 1:1 mappings of regulations

IBM Z® Security and Compliance Center (zSCC) is an integrated set of microservices that collects evidence data from participating IBM software components and products. It works with products and elements on your IBM Z platform running z/OS® or Linux® on Z system to collect and validate compliance data. 

IBM LinuxONE Security and Compliance Center offers function equivalent to IBM Z Security and Compliance Center for the LinuxONE platform.

Compliance audits are often a major time drain, taking staff away from more pressing efforts to satisfy auditors’ demands and stitch together data from multiple sources. Fighting mainframe compliance “drift” (maintaining, updating and adding new processes for compliance) can be a costly effort.

The IBM Z and LinuxONE Security and Compliance Center will help take the complexity out of your compliance workflow and the ambiguity out of audits.

DORA profile added to zSCC

Digital Operational Resilience Act (DORA) profile now available

Solution briefs

IBM Z Security and Compliance Center

IBM LinuxONE Security and Compliance Center

Benefits

Time and resource savings

You might reduce audit prep from one month to one week and reduce the team on audit prep by over 40%.

Continuous monitoring

Automated tracking stays current, even as regulations drift. A unified dashboard tracks ongoing compliance.

Process standardization

Clarify processes and reduce the risk of less-experienced users misinterpreting changing regulations.

Automation and visibility

Automate data validation against goals to help increase visibility into potential compliance oversights.

Auditor collaboration

CISOs and auditors receive current views of compliance to accelerate the remediation process.

Increased visibility

Automate data collection and validation against goals to increase visibility into compliance oversights.

Keep data on platform

Regulatory controls are translated to be IBM Z and LinuxONE-specific.

Centralized dashboard

A set of security requirements protects cardholder data throughout its lifecycle.

Native evidence writing

System-generated, time-stamped evidence provides added security.

Enterprise-level compliance

Security and compliance management are driven by triggered evidence.

Customizable compliance frameworks

Frameworks define security requirements for cloud services used by US Department of Defense.

Identify compliance misconfigurations

Sysplexes deliver and store compliant, relevant data.

Use cases

Continuous compliance

Translation of regulations to IBM Z and LinuxONE-specific controls adds clarity. A centralized, interactive dashboard displays baseline standards. Time-stamped evidence can be captured for a variety of industries.

Track success

See how your new or changing business requirements could affect regulation compliance. Clear, jargon-free mapping to the regulations helps you control your business’s infrastructure.

Stay up-to-date

See how different regulations overlap or differ when it comes to security controls. You can automate the data-gathering process to save time and effort.

Prove compliance

Quickly gather trustworthy evidence that is time-stamped, immutable, and from a clear source. Compliance is shown over time, not just a snapshot, with a tool that “runs silently.”

Update for drift

Attempting to maintain your mainframe compliance manually, in an antiquated, periodic, labor-intensive process, is not worth the risk. Automation of compliance preserves budget and staff focus.

Industry standards

IBM Z Security and Compliance Center follows multiple industry standards to meet the increasing regulatory compliance requirements on a global scale.

Digital Operational Resilience Act (DORA)

A binding, comprehensive risk management framework for the EU financial sector.

PCI Security Standards Council (PCI SSC)

A set of security requirements to protect cardholder data throughout its lifecycle.

NIST Cybersecurity Framework (NIST CSF)

IT security and cybersecurity risk management best practices for private sector organizations.

Center for Internet Security (CIS)

CIS benchmarks are a set of industry best practices for securely configuring IT systems, software and networks.

Defense Information Systems Agency (DISA)

Security Technical Implementation Guides (STIGs) define security requirements for cloud services used by US Department of Defense.

 

Related products

IBM Security® zSecure Audit

Measure and verify the effectiveness of your mainframe security policies and security compliance.

IBM Cloud® Security and Compliance Center

Automate and centrally manage your organization’s compliance to regulatory and internal standards.

Resource Access Control Facility

Protect your mainframe resources with tools that manage and control access to valuable z/OS data.

Resources

Security on IBM Z and LinuxONE

Protect your business data against cyberthreats—inside your data center and throughout your hybrid cloud—with IBM Z and LinuxONE.

Keeping Up With Security and Compliance on IBM Z

Make the best use of IBM Z Security and Compliance Center and learn to map all the necessary IBM Z security capabilities to meet compliance and improve your security posture.

IBM Security X-Force Threat Intelligence Index 2024

Learn how to safeguard your people and data from cyberattacks. Get deeper insight into attackers’ tactics and recommendations to proactively protect your organization.

Frequently asked questions

The IBM Z Security and Compliance Center can be deployed from z15 or z16®. In addition, it can be deployed natively on LinuxONE. IBM Z Security and Compliance Center can collect data from any system running z/OS version 2.4 or newer.

Yes, this solution requires the use of OpenShift® Container Platform on Linux on IBM Z. Additionally, we now support IBM zCX Foundation for Red Hat® OpenShift (for native z/OS deployment).

Yes, if you are running z/OS 2.4 or later.

The initially available version of the IBM Z Security Compliance Center will feature predefined 1-to-1 mappings of IBM Z controls to requirements specified in the following standards.

  1. PCI DSS v3.2.1 
  2. NIST SP800-53
  3. CIS Benchmarks

Additional standards will be considered in the future based on user feedback.

Yes, you can create your own profiles and groups of controls using a selection of hundreds of technical checks that the IBM Z Security Compliance Center can perform out of the box. You can also import an extensive set of predefined mappings as a basis for your security procedures.

Through this process, the application may be used to prepare your organization for regulatory frameworks not covered by initially available predefined mappings, as well as for internal requirements that are specific to your organization.

Yes, for z/OS systems you can select which LPARs will be in the scope of your scan.

The IBM Z Security Compliance Center automates the collection of compliance relevant data on IBM Z and Linux on IBM Z.

The application contains predefined 1-to-1 mappings of security controls written for IBM Z components (such as RACF, Db2, IBM CICS, IBM IMS, and IBM MQ) to requirements from regulatory frameworks (such as PCI DSS). These mappings were defined by the IBM Z Security team and have been validated with auditors.

Additionally, the solution includes an interactive, customizable dashboard displaying the security controls validated for each requirement, as well as which resources passed and failed. The solution also reports on compliance drift: how compliance posture has changed from one point in time to another.

Yes. You can view detailed scan results in the IBM Z Security Compliance Center dashboard, or in a report generated by the application.

For each technical check, you can view a list of all the IBM Z resources that have passed and failed across multiple sysplexes.

You may also view the logic of each scan performed by the application to see exactly what it checked.

The IBM Z Security Compliance Center is equipped with a microservice that sends an ENF signal to all compatible IBM Z components, triggering them to generate compliance data in an enhanced SMF record that has been custom-built for this application.
