IBM Security zSecure 2.3.0
JeroenTiggelman
Mainframes continue to be the home for mission-critical information and essential business production applications in many organizations due to the strong heritage of integrated security support capabilities across hardware, operating system, software and applications. The IBM z14 enables the ultimate data protection of pervasive encryption while being open and connected in the cloud to speed innovation at lower cost. z/OS V2R3 is designed to provide new policy-based encryption options that take full advantage of the improvements in the z14 platform and can help clients protect their critical business data. The new encryption capabilities and policies apply both to data at rest and to data in flight.
Resource Access Control Facility (RACF) is the foundational IBM package provided for protecting Z. When an access check occurs in a resource manager (i.e., a program that must make an access decision about the use of certain resources) the application programming interface (API) known as the System Authorization Facility (SAF) is called. If the system is protected by RACF, then SAF will forward the question to that External Security Manager (ESM) and return the answer (allowed/protection undefined/denied).
IBM Security zSecure suite builds on the security support in IBM Z, z/OS and Resource Access Control Facility to enhance mainframe security capabilities. It can help you protect your enterprise, detect threats, comply with policy and regulations and reduce costs. Most of the products run on the z/OS operating system. The zSecure for z/OS release numbers follow those of z/OS. For complete support of a z/OS release, you generally need the same release of zSecure. IBM Security zSecure furthermore helps protect various mainframe sub-systems, including Db2, CICS, IMS, and MQ.
zSecure has a very long track record of integrating with Security Information and Event Management (SIEM) solutions, starting with Consul/Enterprise Audit 2.1 in 1999 (a predecessor of Tivoli Security Information and Event Manager). In 2012 a similar integration was established between zSec
HPE Security ArcSight is a SIEM solution from Hewlett Packard.
zSecure provided initial support for IBM MFA in a serv
The common query language employed by zSecure Admin, zSecure Audit, zSecure Manager for RACF z/VM, zSecure Alert, and zSecure Adapters for SIEM is called the CARLa Auditing and Reporting Language (CARLa).
The Security Technical Implementation Guide (STIG) from the United States Defense Information Systems Agency (DISA) provides a framework for ensuring that security is set up properly. IBM Security zSecure Audit helps automate compliance control points belonging to this standard as well as for the P
IBM Security zSecure 2.3.0 provides currency with:
* z/OS V2R3, also co-announced with the new IBM Z pervasive encryption support on July 17, 2017, and planned to be available on September 29, 2017
* CICS Transaction Server V5R4, announced on May 16, 2017 and available since June 16, 2017
* Db2 12, announced on October 4, 2016 and available since October 21, 2016
Notable features include:
* Support for various z/OS V2R3 and RACF features for pervasive encryption, such as auditing data set encryption both statically and through SMF (including z Encryption Readiness Technology; zERT) and support for key labels
* Support for other new z/OS V2R3 and RACF features, such as eight-character TSO user IDs, SMF record types above 255, SETROPTS ENHA
* Support for sending alerts from zSecure Alert to HPE Security ArcSight in Common Event Format (CEF) out of the box
* Integration between zSecure Admin Access Monitor and IBM Operations Analytics for z Systems
* Support for MFA in zSecure Visual
* New CARLa report types NJE_NODE, SYSTEM_VARIABLE (system symbols), ICSF_SYMKEY, ICSF_PUBKEY, RUN (current environment), and RUN_DD (allocated files)
* Many new RE and IN menu suboptions
* Many new options for the HEADER keyword on NEWLIST and various related parameters to make it easier to generate output in a certain format, including HEADER=LEEF and HEADER=CEF
* Many new CARLa fields in the SYSTEM report type for ICSF settings
* Various productivity enhancements
* New and updated compliance checks, including ACF2
* New alerts
The STIG standard version level has been upgraded to 6.31.
Information from newly supported SMF record types is passed to IBM QRadar SIEM.
The product that provides a subset of zSecure Audit functionality for integration with SIEM solutions has been renamed to IBM Security zSecure Adapters for SIEM.
If you maintain zSecure Alert configurations from zSecure 2.3, tables will be migrated to a new format that cannot be used with lower releases.
zSecure 2.3 ships with new menu options. If you use option SE.D.N to customize menus or options for your installation, then you must run SE.D.N again with a sufficiently authorized user ID.
Alert skeletons have been reorganized. If you have site-specific alerts that imbed skeletons shipped with the product, verify that there is no impact.
The CARLa members implementing the RECREATE function have been reorganized. If you imbed them in your own CARLa, verify that there is no impact.
AU.R subsets are migrated to a new format. If you want to work with them in zSecure 2.2.0 or 2.2.1 afterwards, you need the PTFs for APAR OA53309.
If you are migrating from a release that did not have 64-bit addressing enabled and default, also check the migration instructions for zSecure 2.2.1.
If you have any questions, please post them here or on the zSecure forum. You can also visit the zSecure community. The current zSecure for z/VM release is 1.11.2. The I