What's new for zSecure V2.3.0
zSecure™ V2.3.0 enhances mainframe security intelligence and automated compliance auditing.
For information about installation considerations like system requirements, incompatibility warning, and known limitations, see "Release notes".
IBM Security zSecure V2.3.0 (announcement) includes the following new features and enhancements:
- Enhanced data protection with pervasive encryption support for z/OS V2.3:
- Enabling clients to immediately audit and monitor new feature usage:
- Showing key labels, enriched with reference and usage information, encryption algorithm, and key length fields (ICSF_PUBKEY and ICSF_SYMKEY newlists).
- Detailed information about relevant ICSF system settings (54 new ICSF fields in SYSTEM newlist).
- Data set encryption key labels; made available if present in System Management Facility (SMF).
- Support for SMF record 119-11 that adds 118 new fields for the new zERT Encryption Readiness Technology.
- Help to understand which systems and which users can decrypt the data.
- Administration and control of pervasive encryption:
- Eased administration of mandatory data set encryption through Data Facility Product (DFP) segments.
- Direct navigation from data set encryption key labels to key label protection profile administration.
- Command Verifier policies added for setting DATAKEY and CSFKEYS attributes.
- Enabling clients to immediately audit and monitor new feature usage:
- Enhanced security intelligence by sending security decisions data to an analytics engine:
- IBM Security zSecure Access Monitor, which is part of zSecure Admin, feeds security event information into IBM® Operations Analytics for z Systems™.
- Support for HPE Security ArcSight Common Event Format (CEF) variant of alerts.
- Five new customer-requested alerts.
- Enhanced regulatory compliance and standards support:
- New report on Network Job Entry (NJE) nodes and attributes (NJE_NODE newlist).
- New reports on address space allocations, system symbols.
- Support for administering and controlling RACF Multi Factor Authentication (MFA) policies, including new Command Verifier policies.
- Enhanced support for DISA STIGs:
- 17 new ACF2 data set-related compliance controls; see the technote.
- Added support for extended description lengths and imbedding shared tests in a rule.
- Adjusted controls for STIG level 6.31.
- Enhanced functionality for batch and interactive reporting:
- New report on current job environment (RUN newlist) and input data sets (RUN_DD newlist).
- Access Monitor reporting is enhanced to ease access-group restructuring.
- Information from different profile segments reported in single report.
- Easier specification of reports with a transportation layout (for example, in Comma Separated Value format, or directed to QRadar SIEM or HPE Security ArcSight), enabling simpler maintenance and a potential for improved performance.
- Enhanced performance:
- The defaults for zSecure Access Monitor have changed to use more efficient exits, and perform pre-consolidation.
- Several DB2 reports were optimized to use less virtual storage.
- The data collection program (CKFCOLL) was changed for improved handling of shared disks.
- Three alerts have been changed to omit the need for a separate preprocessing run generating multiple select statements.
- Currency support
- z/OS V2.3
- CICS V5.4
- DB2 V12
- DISA STIG 6.31
- Customer requests for enhancements (RFEs)
Note: "IBM Security zSecure Adapters for QRadar SIEM" is renamed to "IBM Security zSecure
Adapters for SIEM".
For information about the documentation, see zSecure documentation.