IBM Support

IBM Security zSecure 3.1 Compliance Standards (July 2025)

News


Abstract

This document provides an overview of the compliance standards that are available in zSecure 3.1 in July 2025.

Content

Summary of changes since the previous version (March 2025)
  • The following versions were updated:
    | Standard name | Version RACF | Version ACF2 | Version Top Secret |
    |---|---|---|---|
    | IBM z/OS RACF STIG | 9.04 | | |
    | IBM z/OS ACF2 STIG | | 9.04 | |
    | IBM z/OS TSS STIG | | | 9.04 |
    | IBM Security zSecure for RACF STIG | 1.03 | | |
    | IBM Security zSecure for ACF2 STIG | | 1.03 | |
    | z/OS BMC CONTROL-M/Restart | 7.01 | 7.01 | 7.01 |
    | z/OS BMC CONTROL-O STIG | 7.01 | 7.01 | 7.01 |
    | z/OS BMC Integrated Operations Architecture (IOA) STIG | 7.01 | 7.01 | 7.01 |
    | z/OS BMC MainView Systems Management STIG | 7.01 | 7.01 | 7.01 |
    | z/OS CA Management Information Control System (MICS) Resource Management STIG | 7.01 | 7.01 | 7.01 |
    | z/OS CA Multi-image Manager (MIM) Resource Sharing STIG | 7.01 | 7.01 | 7.01 |
    | z/OS CA Roscoe Interactive Environment STIG | 7.01 | 7.01 | 7.01 |
    | z/OS CA Vtape Virtual Tape System STIG | 7.01 | 7.01 | 7.01 |
    | z/OS IBM Hardware Configuration Definition (HCD) STIG | 7.01 | 7.01 | 7.01 |
    | z/OS IBM MQ STIG | 7.01 | 7.01 | 7.01 |
    | z/OS IBM System Display and Search Facility (SDSF) STIG | 7.01 | 7.01 | 7.01 |
    | z/OS IBM Tivoli Asset Discovery (TADz) STIG | 7.01 | 7.01 | 7.01 |
    | z/OS Quest NC-Pass STIG | 7.01 | 7.01 | 7.01 |
    | IBM Z NetView | 7.01 | 7.01 | 7.01 |
    | z/OS SRRAUDIT STIG | 7.01 | 7.01 | 7.01 |
    | z/OS Vanguard Security Solutions (VSS) STIG | 7.01 | | |
  • DISA removed the following requirement:
    ACF2-OS-000230 IBM z/OS DFSMS control data sets must reside on separate volumes
  • DISA adjusted the specifications for SSH Daemon cipher lines in the following controls: 
    RACF-SH-000020
    ACF2-SH-000050
    TSS0-SH-000020
    The IBM SSH daemon must be configured to use a FIPS 140-2 compliant cryptographic algorithm
  • DISA added the following requirements:
    RACF-SM-000060
    ACF2-SM-000070
    TSS0-SM-000050
    IBM z/OS DFSMS control data sets must reside on separate volumes
    RACF-FT-000065
    ACF2-FT-000070
    IBM z/OS FTP control cards must be properly stored in a secure PDS file
    RACF-TC-000065 IBM z/OS started tasks for the Base TCP/IP component must be defined in accordance with security requirements
    ACF2-JS-000100 IBM z/OS RJE workstations and NJE nodes must be defined to the FACILITY resource class
The updates are indicated by revision bars in the left margin of the PDF file for this version: zSecure 310 Compliance Standards (July 2025)_1.pdf
See below for the PDF files (and links to the APAR numbers) of previous versions of this technote.

The compliance standards have the following categories:

External Security Manager (ESM): compliance standards categories
  • RACF
    CIS IBM z/OS RACF Benchmark
    CIS IBM Db2 for z/OS Benchmark
    IBM z/OS RACF STIG
    IBM z/OS RACF Products STIG
    IBM Security zSecure for RACF STIG
    PCI DSS for RACF
  • ACF2
    CIS IBM Db2 for z/OS Benchmark
    IBM z/OS ACF2 STIG
    IBM z/OS ACF2 Products STIG
    IBM Security zSecure for ACF2 STIG
    PCI DSS for ACF2
  • Top Secret
    CIS IBM Db2 for z/OS Benchmark
    IBM z/OS TSS STIG
    IBM z/OS TSS Products STIG

Previous versions


Document Information

Modified date:
10 July 2025

UID

ibm17112509