IBM i Security


IBM i Security
 
Page Contents
 
 

Learn about Ransomware and IBM i with our Security Thought Leader Robert Andrews!

 
 
Security Services and Remediation
Are you building a new application? Working within the confines of a 20-year old application without source? The IBM i Security Expert Labs team can help you solve even the most complex of security problems. From single sign-on to multi-factor authentication, our team has done it all to ensure the highest level of security for your IBM i System. To start, we recommend our Security Assessment. From there, we can customize a package of services and tools to address the major risks on your system. And if we don't currently have the solution, we can build it for you or work directly with the operating system developers to address your needs! No project is too large or too small for our team to assist you with.
 
Some of the services we often provide are around:
 

Security Assessments

Post Assessment Remediation

TLS and Certificate Setup

System Hardening

Multi-Factor Authentication (MFA)

Single Sign On (SSO)

Data at rest and data in motion Encryption

Security Mentoring - regular education sessions and skills transfer with your staff!

Installation and setup of IBM PowerSC and Security and Compliance Tools for IBM i

If you are interested in discussing your particular situation and needs, contact Ron Bibby at ronbibby@us.ibm.com to set up a no cost briefing with our technical experts today!
 

 
 
 
Security Assessments
 

In order to develop a proper baseline, the IBM i Security Assessment (Video Intro) scans your system for a wide range of security settings and risks. Our review of the core operating system, settings, user profiles, and permissions include:

 
  • Investigate privileged user profiles, command line access, and other significant aspects of the user profiles on the system
  • Investigate password practices
  • Investigate the use of Group Profiles and Authorization Lists
  • Analyze the use of adopted authority and profile swapping
  • Examine communications and TCP/IP exposures (Open Ports and Exit Points)
  • Examine current system value settings
  • Examine current System Service Tools (SST) security settings
  • Examine the subsystem descriptions, job descriptions, output queues, and job queues
  • Analyze access control for Library system objects
  • Analyze access control for IFS directories
  • Analyze file shares for ransomware exposure
  • Examine current Security PTF levels and determine whether CUSTOMER is within those current levels
  • Document the findings and recommendations for securing the system based on findings
  • Examine the IBM i auditing and logging practices used by CUSTOMER and provide recommendations for improvement if determined to be insufficient
  • Review user, programmer, and admin access to data from application
  • Recommend application security design or changes to meet security requirements
  • Provide recommendations on proper development security best practices
 
The assessment generates three items:
 

Executive summary presentation

Comparative matrix of over 1,000 data points

Detailed report (Approximately 150 - 250 pages) showing standards, findings, and recommendations for each area

After we provide the reports to you, we allow a few days for review and comprehension. The assessment then concludes with a final meeting where the results are presented and there is a Q&A period to discuss various areas more in depth. We also provide high-level guidance on remediation or compensating controls.
 
As security is a constantly changing area, IBM recommends you have an IBM i Security Assessment annually to best understand the risks in your current setup and configuration.
 
To inquire, get a quote, or schedule your assessment today, contact Ron Bibby at ronbibby@us.ibm.com.
 

 
 
 
Assets and Tools
 
To assist you in your various security endeavors, the IBM i Security Expert Labs team developed several assets and tools under the Security and Compliance Tools for IBM i family. These assets are not part of the PowerSC IBM products in terms of packaging, documentation, and translation, but these assets get the job done. Many of these items came directly from customer requests to solve pain points and are field tested by real IBM clients. If you are interested in purchasing any of these assets, contact Ron Bibby at ronbibby@us.ibm.com.
 
Security and Compliance Tools for IBM i include:
 
 

*Note: All assets have a cost associated with them!! While you are able to download the code and user guides, these assets do not work without a purchased licensed key. To inquire, get a quote, or purchase assets, contact Ron Bibby at ronbibby@us.ibm.com.

 

IBM i Syslog Reporting Manager (SRM) Licensing Update

As of April 13, 2026, IBM i Syslog Reporting Manager (SRM) will transition from version 2 to version 3.

What’s changing

SRM licensing is moving from a perpetual license with annual SWMA (Software Maintenance) to an annual subscription model. The subscription includes the license, support, and all upgrades.

Existing customers (version 2)

  • Your version 2 license is perpetual and will never expire. You may continue using version 2 indefinitely.
  • Upon renewal, SWMA contracts will transition to the new subscription model.
  • With an active support/subscription contract, you are eligible to upgrade to version 3 at no additional cost. Upgrading is optional.

Important licensing difference:

  • Version 2 keys: do not expire
  • Version 3 keys: expire at the end of your support/subscription term

There is no option for a non-expiring version 3 license.

If you choose to use version 3:

  • Your license key will be valid only for the duration of your subscription
  • Each renewal requires applying a new key with an updated expiration date

New customers (version 3)

  • All new subscriptions will be for version 3
  • There is no upfront license cost—only an annual subscription fee
  • The subscription includes product usage, support, and upgrades
  • License keys are valid for the subscription term and must be renewed when the subscription is renewed

 

On January 1, 2026, the IBM i Security Expert Labs team withdrew from marketing (WFM) the following assets:

 

This means that no new purchases of these assets are possible. Any existing software maintenance (SWMA) contracts will be honored until their current end date. Any SWMA contracts expiring by December 31, 2026, will be able to renew for one additional year only. The end of support (EOS) for all these assets will be at the end of the SWMA contract, but no later than December 31, 2027. All support for these assets will end on December 31, 2027. This gives our existing clients two years to determine how they would like to proceed.

For clients looking for a general IBM i Security and Compliance tool, please consider using IBM PowerSC or the tools built into IBM Navigator for i. For prior CART clients and those with large and complex IBM i enterprises, Expert Labs recommends moving to IBM Database Expert Query for i featuring the Compliance Automation Monitor (CAM). For clients looking to implement MFA on IBM i, please move to the no cost integrated MFA features introduced in IBM i 7.6. For specific tactical needs such as exit point application firewalls and privilege elevation tools, please contact one of the many IBM i Security Business Partners (BPs) which have many offerings in this space.

All existing assets will continue to work in their current form on the currently supported operating systems (up to IBM i 7.6). There are no plans to enhance or build versions of these tools that are compatible with future versions of the OS. Licenses purchased are perpetual and will still be valid. Expert Labs does have the ability to generate new license keys for new serial numbers if a client has already purchased these assets. Contact if you need a new key for existing licenses.

 

 
 
 
Current Security and Compliance Tools for IBM i Versions
 

For a list of the current versions of the Security and Compliance Tools for IBM i, click here.

 
 

 
 
 
What about IBM PowerSC?
 
PowerSC is a brand of IBM Infrastructure that was introduced in 2011 for Security and Compliance Management. Its target was IBM AIX customers and a few years later Linux was added. When PowerSC was introduced, there was no support for IBM i. Recognizing the need for IBM i customers, the IBM i Security Expert Labs team decided to complete the picture with tooling that had been previously available. We then marketed them as the PowerSC Tools for IBM i and this naming stood for the next 8 years. In 2019, limited support for IBM i was added to the PowerSC product family. When this addition of IBM i support to the PowerSC branded tooling occurred, it soon became clear some differentiation was needed to reduce market confusion and as a result the PowerSC Tools for IBM i family of solutions were renamed to the Security and Compliance Tools for IBM i.
 
Today, IBM PowerSC is the primary tool for tracking Security and Compliance across the entire family of IBM Power Systems running AIX, Linux, and yes, IBM i.  The solution can run completely on IBM i, or be used in a mixed environment supporting all endpoint types.  Our Expert Labs team is available to help install and configure PowerSC to monitor and enforce compliance on your IBM i systems.  Reach out to get a quote for assistance today!
 
Naming Timeline
 

 
 
 
Team Members
 
 

 
 
 
Upload Data to our Team
 

 
 
Retention:
IBM retains your personal information only for as long as is required to fulfill the purposes for which the information was collected or until you object to our use of your information (where IBM has a legitimate interest in processing your information), or until you withdraw your consent (where IBM’s processing is based on your consent), unless we are required by law to maintain your personal information for a longer period.
 
Withdrawal of Consent:
If you choose to withdraw your consent from this personal information consent for this site we will remove your information. Contact systems-expert-labs@ibm.com should you have any questions. Once records are deleted it will not be possible to restore them or provide any history. By submitting this form, you agree that IBM may process your data in the manner indicated above and as described in our Privacy policy.
 

 
 
 
Statement of Good Security Practices
 
IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
 

Page Feedback