Db2 evidence for z/OS continuous compliance
Db2 can gather information about the security of a Db2 subsystem in SMF type 1154 trace records.
SMF type 1154 records provide evidence about the security configuration of z/OS subsystems to compliance tools such as the IBM® zSystems™ Security and Compliance Center solution. Db2 contributes compliance evidence data through subtype 81 records.
The information can be used to determine whether:
- The installation specified default ID has been changed.
- The security port is configured.
- Authorization is enabled.
- Administrator authority is granted to a user, when native Db2 authorization is used.
- A RACF® user access change is reflected in Db2.
On receiving an ENF type 86 signal from the z/OSMF Compliance REST API, Db2 collects and writes compliance data to SMF 1154 subtype 81 records.
