IBM Support

AIX Security: Can I obtain an AIX System and Organization Control 2 (SOC 2) Compliance Report?

Question & Answer


Question

Can I obtain an AIX System and Organization Control 2 (SOC 2) Compliance Report?

Answer

There is no applicable IBM AIX SOC 2 Compliance Report.

The scope of an SOC 2 report is operational. It evaluates the internal controls that an organization has put in place to protect customer-owned data. The report evaluates system and information security, availability, integrity, confidentiality, and privacy.

Service Organization Control (SOC) reports are independent, third-party reports issued by assessors certified by the American Institute of Certified Public Accountants (AICPA) addressing the risks associated with an outsourced service.

Some IBM Cloud offerings are examples of IBM services that are SOC 2 compliant.

AIX is not an "outsourced service"; it is an operating system. Security compliance is managed by the system administration, based on the requirements of their company. The SOC Trust Services Categories (TSC) cover:

  • Security:
    • Information and systems are protected against unauthorized access (both physical and logical), including usage and modification.
  • Confidentiality:
    • Information designated as confidential is protected to meet the entity’s objectives.
  • Availability:
    • Information and systems are available for operation and use as committed or agreed.
  • Processing Integrity:
    • System processing is complete, valid, accurate, timely, and authorized.
  • Privacy:
    • Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.

So, the AIX security controls you implement are analyzed in an SOC report, along with other security policies, which include infrastructure, data, procedures, software, and people.

Tips for Securing AIX:

Some customers use PowerSC to maintain AIX compliance with certain standards, like CIS, DoD, GDPR, HIPAA, PCI, SOX-COBIT, SAP.

Some customers use the native AIX Security Expert (AIXpert), which is integrated into PowerSC.

There are fee-based IBM Security consulting services, which can help you prepare for SOC 2 certification.

And here is more information:

SUPPORT

Security configuration involves comprehensive features. Most of these features require advanced review and planning by administrators who are familiar with all of their system requirements. AIX Support does not make specific recommendations to harden your system. Customization is out of the scope of AIX Support, but if you have specific questions about documented usage, our support experts are happy to assist.

If you have specific questions about usage after reviewing the recommended security documentation, IBM AIX Support will be happy to assist.

If you require consulting services, there are more fee-based services available.

If you require usage assistance, use the following step-by-step instructions to contact IBM to open a case for software with an active and valid support contract.

1.  Document (or collect screen captures of) all symptoms, errors, and messages related to your issue.

2.  Capture any logs or data relevant to the situation.

3.  Contact IBM to open a case:

   - For electronic support, see the IBM Support Community:
     https://www.ibm.com/mysupport
   - If you require telephone support, see the web page:
     https://www.ibm.com/planetwide/

4.  Provide a clear, concise description of the issue.

5.  If the system is accessible, collect a system snap, and upload all of the details and data for your case.

  - For more information, see: Working with IBM AIX Support: Collecting snap data

Document Information

Modified date:
25 September 2023

UID

ibm17035446