Who knows more about protecting Z than Z people?

Feature spotlights

Simplify security administration through automation

Execute queries in seconds and implement mass changes with little administration, helping to lower overhead costs.

Lower breach risks with automated analysis and reporting

Identify RACF problems on the z/VM operating system, such as missing or inconsistent definitions, enabling you to fix or prevent mistakes before they become a threat to security and compliance. Monitor privileged users to help ensure that old accounts are properly deleted and that products have been well integrated, helping to avoid vulnerabilities that can be exploited by other users.

Merge security rules from different databases

Copy or move users, groups, resources, applications or whole databases, and rename IDs within the same database. Produce reports in email format on a daily or custom schedule only when specific events occur or when there is a security breach. Modify displays and reports using CARLa Auditing and Reporting Language (CARLa).

Analyze RACF profiles to get fast answers

Read and update the RACF database directly from an OS-formatted disk or a copied or unloaded RACF database. Answer questions such as: “Who has access to this file?” and “Which system special users have not changed their passwords?” Analyze System Management Facility (SMF) information from the live SMF data or from extracted SMF data on tape or disk. View information using live data interactively almost immediately after an event has occurred.

Customize reports to meet your specific needs

A short list of report capabilities include: generating reports in XML format, import report data into databases and reporting tools, viewing data with Microsoft Internet Explorer or Microsoft Excel, allowing managers to view, sort and annotate audit reports and producing reports centrally for automatic distribution to decentralized groups.

Support external files of existing data

Filter external supplementary information from existing data sources and corporate applications (such as unit, department and personnel data) and present it alongside the technical data from z/VM® and IBM® RACF® in automatically generated reports.

Detect integrity breaches

Rank severity of exposure, help determine corrective action and provide a framework for rule-based compliance auditing.

Scalable for big data systems

V2.2.1 allows storage above the 2 GB boundary ("the bar") to enable processing of more data. Note that the ability to use more virtual memory can have implications for paging and real storage needs. This also frees up storage below the bar for other programs. With models z196 or higher, 64-bit addressing is activated automatically, though reverting back to 31-bit addressing is optional. You can select the program to run using the SE.0 (SETUP RUN) option.

Boost compliance framework support

IBM Security zSecure™ Manager for RACF z/VM V1.11.2 offers an extended compliance framework for automation and coverage for compliance verification.

Improve results through a comprehensive, automated audit referencing a built-in knowledge base. Reduce manual processes for gathering data to support activities for compliance.

Provide coverage for Security Technical Implementation Guide (STIG) for z/VM, and the ability to extend beyond STIG or define your own standard.

Integrates with IBM systems

Integrates with IBM Security QRadar SIEM®, IBM Security Guardium®, RACF and IBM MFA solutions Data collected on z/VM by IBM Security Manager for RACF z/VM can be processed on z/OS® by IBM Security zSecure Admin and Audit. The z/OS products are instrumented to help you view the z/VM data and reports and support combined analysis.

Technical details

Technical specifications

IBM Security zSecure V2.2.1 also updates currency with products, applications, and standards to include:

  • CA ACF2 and CA Top Secret
  • IBM MQ
  • IBM Integrated Cryptographic Service Facility (ICSF)
  • Windows server
  • Payment Card Industry-Data Security Standard (PCI-DSS)
  • Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs)

Software requirements

Requirements: A supported IBM z Systems server that is capable of supporting z/OS V2.1, or later.

  • IBM z/OS V1R12
  • IBM z/OS V1R13
  • IBM z/OS V2R1

Hardware requirements

A supported IBM z Systems server that is capable of supporting z/OS V2.1, or later.