IBM Security zSecure, Version 2.2.0

What's new

zSecure™ V2.2.0 enhances mainframe security intelligence and automated compliance auditing.

For information about installation considerations like system requirements, incompatibility warning, and known limitations, see Release notes.

IBM Security zSecure V2.2.0 (announcement) includes the following new features and enhancements:
  • Integration with IBM Security Identity Governance and Intelligence:
    • Analyze, define, control user access, report on separation of duties conflicts and access risks for RACF and Mainframe based applications
  • Currency with z/OS V2.2, IMS 14, and CICS V5.3, including:
    • RACF V2.2 integration, which includes support for the new ROAUDITOR attribute
    • Support for the new TSO PASSWORDPREPROMPT option for LOGON
    • Support for z/OS UNIX V2R2 enhancements, including those that enable giving out more limited access to auditors through use of the new FSEXEC class (controlling file execute permissions) and the SUPERUSER.FILESYS.DIRSRCH resource in the UNIXPRIV class (allows reading all directories without providing exemption from controls in the FSACCESS class)
    • Support for new SMF records, including more extensive support for the following types: SMF 42-27 (VTOC update records), SMF 90-37 (changes to the APF list), SMF 82 (ICSF). Basic support for the following: SMF 121 (Java statistics), SMF 106 (Base Control Program internal interface (BCPii) activity), SMF 87 (GRS Monitoring), SMF 29 (IMS ODBM accounting)
  • Performance improvement:
    • Reduced storage requirements for smaller reports; provide option to reduce storage usage at the cost of more I/O to data sources
    • Prevent less efficient CARLa queries
  • Scalability improvement: C2PACMON and C2POLICE collect data in in-storage buffers:
    • Data collection buffers allocated above the bar; maximum size of single buffer has been increased to 1 GB.
  • Enhanced compliance, auditing, and monitoring:
    • Extended rule-based compliance evaluation framework to include additional automation and coverage for compliance verification
    • Extended support for the Security Technical Implementation Guide (STIG) from the Defense Information Systems Agency (DISA)
    • Enhanced automated compliance framework workflow
    • Additional SMF records sent to QRadar SIEM
  • Support for enhanced RACF password security
  • Usability enhancements, including:
    • Enhanced data that is sent to QRadar SIEM
    • Updates to the Access Monitor User Interface
  • zSecure Visual enhancements:
    • Support for passphrase management: new passphrase-related functions available from context menu options
    • Supports Windows 10; seamless auto-upgrade from Windows 7 or 8.x
    • Help system now uses IBM Knowledge Center Customer Installed (IBM KC CI), works with Internet Explorer 9+, Mozilla Firefox 17+, and Google Chrome 20+
  • Simplified RACF Offline install: new dynamic RACF interfacing code eliminates the need to install in z/OS SMP/E zone
  • For information about the documentation, see IBM Security zSecure Suite library:
    • New: IBM Security zSecure Admin and Audit for RACF® Line Commands and Primary Commands Summary lists the line commands and primary commands with a brief description in flyer format.
    • The IBM Security zSecure product materials now include instructions to download the .iso file for the IBM Security zSecure Documentation CD.
  • Statement of general direction: In the future, zSecure support for 64-bit addressing is planned. This support is intended to provide enhanced scalability and performance, enabling larger volumes of data to be processed centrally for consolidated security intelligence and compliance reporting. For flexibility, customers will have the choice of whether they use 31-bit or 64-bit addressing.
    CKRCARLA currently always invokes the CKR4Z program, which is a CARLa engine that does not use 64-bit addressing. The CKR8Z196 program name is reserved for a potential future variant of the CARLa engine that does use 64-bit addressing.


Feedback