Overview of IBM Z Security and Compliance Center
In regulated industries, compliance is a top priority. However, the process for collecting evidence of information security controls and demonstrating compliance to auditors is manual and time-consuming. IBM Z® Security and Compliance Center helps you to promote a culture of compliance within your organization that focuses on system settings and supports the collection of audit evidence. The topics in this chapter provide an overview of IBM Z Security and Compliance Center and explain the key terms and concepts.
With IBM Z Security and Compliance Center, you can check your systems in accordance with leading industry-regulatory frameworks and security standards. This IBM® solution automates the collection of compliance-relevant data on z/OS® and Linux® on IBM Z systems. IBM Z Security and Compliance Center is composed of z/OS and Linux on IBM Z elements that validate compliance data through an intuitive web-based dashboard and easy-to-generate reports. The reports are based on compliance data that is discovered and collected from selected systems in your enterprise.

With IBM Z Security and Compliance Center, you can:

- Request compliance data from selected systems in your enterprise.
- View compliance reports to see which systems are most at risk.
- See detailed scan results with an in-depth view on compliance failures.
- Use a common dashboard to view compliance validations across different scopes.
- View scan logic to see exactly what each scan is checking.
- Retain and access your results to prepare for internal and external audits.

The frameworks and standards include:

- Center for Internet Security (CIS) controls
- Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) profiles for z/OS
- Digital Operational Resilience Act (DORA)
- National Institute of Standards & Technology (NIST) SP 800-53
- Payment Card Industry Data Security Standard (PCI DSS) Version 4.0 and Version 3.2.1

In IBM Z Security and Compliance Center, you can see a graphical view of your current compliance status or posture from a single dashboard, based on the currently supported controls and goals. Your organization can use the solution to validate selected systems for the risks that arise from noncompliant system settings. You can view the results of the validations for each set of systems (scope) that you define. The results of a validation scan are displayed in the solution dashboard. To view the results, you require sufficient authorization from the administrator of IBM Z Security and Compliance Center.
Your IT staff, such as administrators and security personnel, can take actions to address goals that fail or cannot be validated, which might indicate noncompliance issues. With such issues addressed, your organization can use the dashboard to generate updated reports for use with security audits.
IBM Z Security and Compliance Center does not perform real-time monitoring or intrusion detection. However, you can schedule regular scans to collect, validate, and report on the compliance posture.
IBM Z Security and Compliance Center is offered for the IBM Z platform as product ID (PID) 5655-CC1. It is a one-time charge (OTC) product for the IBM z15® or IBM z16™ server.
For the IBM LinuxONE™ platform, IBM offers an equivalent solution, IBM LinuxONE Security and Compliance Center, which is orderable as PID 5655-LC1. It is a one-time charge (OTC) product for the IBM LinuxONE III server or IBM LinuxONE Emperor 4™ server.
Except where otherwise noted, references in this publication to IBM Z Security and Compliance Center and the solution also apply to IBM LinuxONE Security and Compliance Center.