Working with compliance profiles

Using the PowerSC GUI Profile Editor, you can view the built-in compliance profiles, create custom profiles, and copy profiles to system endpoints.

The PowerSC product is delivered with a set of built-in profiles that can be used to configure your system endpoints so that each endpoint meets the following security standards:
  • Payment Card Industry - Data Security Standard compliance (PCI)
  • Payment Card Industry - Data Security Standard compliance (PCI) for Linux®
  • Sarbanes-Oxley Act and COBIT compliance (SOX-COBIT)
  • US Department of Defense STIG compliance (DoD)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • North American Electric Reliability Corporation compliance (NERC)
  • General Data Protection Regulation (GDPR) compliance
  • General Data Protection Regulation (GDPR) compliance for Linux
  • SAP compliance profiles for AIX®
  • SAP HANA compliance for Linux
  • Center for Internet Security benchmarks compliance for AIX and Linux
  • Center for Internet Security IBM® i benchmark
  • IBM i best practices

For more information about the built-in profiles, see the Security and Compliance Automation concepts topic.

Each of the built-in profiles includes rules that must be applied to an endpoint to meet security requirements. When you need to apply only a subset or a different combination of these rules, or to customize compliance levels, you can create a custom profile.

In most environments, administrators frequently edit compliance files to remove problem rules. After compatibility checks are complete, the compliance rule files are considered stable and are deployed onto production servers.

The PowerSC GUI can be used to create custom profiles by combining rules from built-in (or other custom) profiles.