IBM Security zSecure 2.3.0
JeroenTiggelman
Mainframes continue to be the home for mission-critical information and essential business production applications in many organizations due to the strong heritage of integrated security support capabilities across hardware, operating system, software and applications. The IBM z14 enables the ultimate data protection of pervasive encryption – while being open and connected in the cloud to speed innovation at lower cost. z/OS V2R3 is designed to provide new policy-based encryption options that take full advantage of the improvements in the z14 platform and can help clients protect their critical business data. The new encryption capabilities and policies apply both to data at rest and to data in flight.
Resource Access Control Facility (RACF) is the foundational IBM package provided for protecting Z. When an access check occurs in a resource manager (i.e., a program that must make an access decision about the use of certain resources) the application programming interface (API) known as the System Authorization Facility (SAF) is called. If the system is protected by RACF, then SAF will forward the question to that External Security Manager (ESM) and return the answer (allowed/protection undefined/denied).
IBM Security zSecure suite builds on the security support in IBM Z, z/OS and Resource Access Control Facility to enhance mainframe security capabilities. It can help you protect your enterprise, detect threats, comply with policy and regulations and reduce costs. Most of the products run on the z/OS operating system. The zSecure for z/OS release numbers follow those of z/OS. For complete support of a z/OS release, you generally need the same release of zSecure. IBM Security zSecure furthermore helps protect various mainframe sub-systems, including Db2, CICS, IMS, and MQ.
zSecure has a very
HPE Security ArcSight is a SIEM solution from Hewlett Packard.
zSecure provided initial support for IBM MFA in a service stream enhancement in May 2016 and several enhancements in zSecure 2.2.1 (December).
The common query language employed by zSecure Admin, zSecure Audit, zSecure Manager for RACF z/VM, zSecure Alert, and zSecure Adapters for SIEM is called the CARLa Auditing and Reporting Language (CARLa).
The Security Technical Implementation Guide (STIG) from the United States Defense Information Systems Agency (DISA) provides a framework for ensuring that security is set up properly. IBM Security zSecure Audit helps automate compliance control points belonging to this standard as well as for the Payment Card Industry Data Security Standard (PCI-DSS) from the Payment Card Industry Security Standards Council and GSD331/ISeC (a global services document with information security controls documentation) from IBM.
IBM Security zSecure 2.3.0 provides currency with
* z/OS V2R3, also co-announced with the new IBM Z pervasive encryption support on July 17, 2017, and planned to be available on September 29, 2017
* CICS Transaction Server V5R4, announced on May 16, 2017 and available since June 16, 2017
* Db2 12, announced on October 4, 2016 and available since October 21, 2016
Note that service stream enhancements in support of CICS V5R4 and Db2 12 have been available for prior zSecure releases for some time.
Notable features include
* Support for various z/OS V2R3 and RACF features for pervasive encryption, such as auditing data set encryption both statically and through SMF (including z Encryption Readiness Technology; zERT) and support for key labels
* Support for other new z/OS V2R3 and RACF features, such as eight-character TSO user IDs, SMF record types above 255, SETROPTS ENHA
* Support for sending alerts from zSecure Alert to HPE Security ArcSight in Common Event Format (CEF) out of the box
* Integration between zSecure Admin Access Monitor and IBM Operations Analytics for z Systems: zSecure Admin Access Monitor can now write pre-processed access records for use in an analytics product. These are provided in CSV format in a z/OS UNIX file. Details can be found in this technote.
* Support for MFA in zSecure Visual
* New CARLa report types NJE_NODE, SYSTEM_VARIABLE (system symbols), ICSF_SYMKEY, ICSF_PUBKEY, RUN (current environment), and RUN_DD (allocated files)
* Many new RE and IN menu suboptions
* Many new options for the HEADER keyword on NEWLIST and various related parameters to make it easier to generate output in a certain format, including HEADER=LEEF and HEADER=CEF
* Many new CARLa fields in the SYSTEM report type for ICSF settings
* Various productivity enhancements
* New and updated compliance checks, including ACF2 data set related ACP compliance controls
* New alerts
The STIG standard version level has been upgraded to 6.31.
Information from newly supported SMF record types is passed towards IBM QRadar SIEM.
The product that provides a subset of zSecure Audit functionality for integration with SIEM solutions has been renamed to IBM Security zSecure Adapters for SIEM.
If you maintain zSecure Alert configurations from zSecure 2.3, tables will be migrated to a new format that cannot be used with lower releases.
zSecure 2.3 ships with new menu options. If you use option SE.D.N to customize menus or options for your installation, then you must run SE.D.N again with a sufficiently authorized user ID.
Alert skeletons have been reorganized. If you have site-specific alerts that imbed skeletons shipped with the product, verify that there is no impact.
The CARLa members implementing the RECREATE function have been reorganized. If you imbed them in your own CARLa, verify that there is no impact.
AU.R subsets are migrated to a new format. If you want to work with them in zSecure 2.2.0 or 2.2.1 afterwards, you need the PTFs for APAR OA53309.
If you are migrating from a release that did not have 64-bit addressing enabled and default, also check the migration instructions for zSecure 2.2.1.
If you have any questions, please ask them here or on the zSecure support forum. The current zSecure for z/VM release is 1.11.2. The I
Edits: Modernized links