IBM Security zSecure Audit 2.1.1: new DISA-STIG compliance checks
JeroenTiggelman 27000186A5 Visits (14481)
On December 19, 2014 a new service stream enhancement (SSE) to zSecure Audit 2.1.1 has become generally available, adding additional compliance checks for the Security Technical Implementation Guide (STIG) for z/OS from the US Defense Information Systems Agency (DISA). Following the support added for IBM MQ for z/OS in zSecure 2.1.1, this SSE focuses on compliance checks for MQ.
The Security Technical Implementation Guide from DISA provides a framework for ensuring that security is set up properly. IBM Security zSecure Audit helps automate compliance control points belonging to this standard as well as for the Pay
The Compliance Testing Framework was added in zSecure 1.13.1 (2012). A user interface was provided in zSecure 2.1.0 (2013). Regular updates to this menu option AU.R have been provided since in various service stream enhancements. zSecure 2.1.1 (2014) provided compliance checks for STIG version 6.20. zSec
The following update is provided:
This update applies to zSecure Audit for RACF and zSecure Audit for ACF2.
Documentation updates have been provided in a Technote. This technote includes documentation for a few changes made in the same area in earlier PTFs.
The Technote also points to a second technote listing the avai
To fully benefit from these enhancements the following is required:
* IBM Security zSecure Audit 2.1.1, or one of the zSecure Compliance and Auditing solutions including that product
The zSecure Audit Compliance Testing Framework has been extended with new configuration members in the CKACUST customization data set. The job CKAZCUST to populate a CKACUST data set has been upgraded and this revised job can be re-run on an existing one prior to using option AU.R (rule-based compliance reporting) again. For best results the new member should be revised to conform to the installation's needs.
This is the second SSE for zSecure 2.1.1 following the one for stro
Earlier SSEs for zSecure 2.1.0 with compliance controls were:
If you have any questions, please post them here or on the zSecure forum. You can also visit the zSecure community and wiki. The current zSecure for z/VM release at the time of original publication was 1.11.1. The I