IBM Security zSecure Audit 2.1 Compliance Testing Framework extended with PCI-DSS compliance checks
JeroenTiggelman 27000186A5 Comment (1) Visits (10931)
Version 3.0 of the Payment Card Industry Data Security Standard (PCI-DSS) has become available on November 7, 2013. Updates to IB
Mainframes continue to be the home for mission critical information and essential business production applications in many organizations due to the strong heritage of integrated security support capabilities across hardware, operating system, software and applications. IBM Security zSecure suite builds on the security support in z/OS and Resource Access Control Facility to enhance mainframe security capabilities.
The Payment Card Industry Security Standards Council (PCI SSC) helps organizations ensure the safe handling of cardholder information. PCI-DSS provides an actionable framework for developing a robust payment card data security process. IBM zSecure Audit helps automate compliance control points belonging to this standard as well as for the Security Technical Implementation Guide from the Defense Information Systems Agency (DISA-STIG) and GSD331/ISeC (a global services document with security controls documentation from IBM).
The following updates are provided:
These features apply to zSecure Audit for RACF and zSecure Audit for ACF2. Some of the underlying capabilities can be used in other components of the zSecure suite through the CARLa Auditing and Reporting Language (CARLa) though they are not exploited in the product 'out of the box'.
Documentation updates have been provided in a Technote.
To benefit from these enhancements the following is required:
* IBM Security zSecure Audit 2.1, or one of the zSecure Compliance and Auditing solutions
* PTF UA71562 for APAR OA43830 (this updates the general framework)
* PTF UA71563 for SYSROUTE APAR OA43836 (this contains parts specific to ACF2)
If you have any questions, please post them here or on the zSecure forum.