IBM Security zSecure Audit for ACF2: new DISA-STIG compliance checks
JeroenTiggelman 27000186A5 Visits (10237)
On July 4, 2017 a new service stream enhancement (SSE) to zSecure Audit 2.2.1 has become generally available, adding additional compliance checks for the Security Technical Implementation Guide (STIG) for z/OS from the US Defense Information Systems Agency (DISA). This SSE focuses on adding Access Control Program (ACP) controls for systems protected through CA-ACF2. This builds on the ACF2_SENSDSN_ACCESS report type first provided in zSecure Audit 2.2.1.
The Security Technical Implementation Guide from DISA provides a framework for ensuring that security is set up properly. IBM Security zSecure Audit helps automate compliance control points belonging to this standard as well as for the Pa
The Compliance Testing Framework was added in zSecure 1.13.1 (2012). A user interface was provided in zSecure 2.1.0 (2013). Regular updates to this menu option AU.R have been provided since. zSecure 2.2.1 (December 2016) provided compliance checks for STIG version 6.29. It also included a new report type ACF2_SENSDSN_ACCESS (somewhat similar to the RACF_ACCESS report for RACF) to make it easier to check on individual authorizations to sensitive data sets for ACF2.
The following update is provided:
* The Compliance Testing Framework has been enhanced to allow reuse of common test specifications in multiple rules and maintain them in one place (INCLUDE within RULE.... ENDRULE).
This update primarily applies to zSecure Audit for ACF2. Some of the underlying updates to ACF2_SENSDSN_ACCESS and the Compliance Testing Framework can be used in zSecure Audit for RACF, zSecure Audit for Top Secret, and other components of the zSecure Suite.
To fully benefit from these enhancements the following is required:
* IBM Security zSecure Audit for ACF2 2.2.1, or one of the zSecure Compliance and Auditing solutions including that product feature
You can apply this update without special considerations.
If you have any questions, please post them here or on the zSecure forum. You can also visit the zSecure community and wiki. The current zSecure for z/VM release is 1.11.2. The I