General Page
Hi everyone,
I am Stephen Dominguez, and I'm the author of this content. I work for IBM Expert Labs.
The Center for internet Security, Inc (CIS®) is a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks®, globally recognized best practices for securing IT systems and data. CIS leads a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.
The intent of this website is to describe how IBM PowerSC can use functionality found in the following set of IBM products and offerings to fulfill CIS 8.1 Safeguards, when securing AIX:
1. IBM PowerSC (PowerSC)
2. IBM Zero Trust Execution for AIX (ZTEA)
3. IBM Power Cyber Vault for AIX (PCV)
I am Stephen Dominguez, and I'm the author of this content. I work for IBM Expert Labs.
The Center for internet Security, Inc (CIS®) is a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks®, globally recognized best practices for securing IT systems and data. CIS leads a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.
The intent of this website is to describe how IBM PowerSC can use functionality found in the following set of IBM products and offerings to fulfill CIS 8.1 Safeguards, when securing AIX:
1. IBM PowerSC (PowerSC)
2. IBM Zero Trust Execution for AIX (ZTEA)
3. IBM Power Cyber Vault for AIX (PCV)
This website is based on CIS Critical Security Controls v8.1 - March 2025
| Control 2 | |||||||
| Inventory and Control of Software Assets | |||||||
| Safeguard Number | Name | IG1 | IG2 | IG3 | PowerSC | ZTEA | PCV |
| 2.5 | Allowlist Authorized Software | ∗ | ∗ | ∗ | |||
| 2.6 | Allowlist Authorized Libraries | ∗ | ∗ | ∗ | |||
| 2.7 | Allowlist Authorized Scripts | ∗ | ∗ | ||||
| Control 3 | |||||||
| Data Protection | |||||||
| Safeguard Number | Name | IG1 | IG2 | IG3 | PowerSC | ZTEA | PCV |
| 3.3 | Configure Data Access Control Lists | ∗ | ∗ | ∗ | ∗ | ∗ | |
| 3.14 | Log Sensitive Data Access | ∗ | ∗ | ||||
| Control 4 | |||||||
| Secure Configuration of Enterprise Assets and Software | |||||||
| Safeguard Number | Name | IG1 | IG2 | IG3 | PowerSC | ZTEA | PCV |
| 4.3 | Configure Automatic Session Locking on Enterprise Assets | ∗ | ∗ | ∗ | ∗ | ||
| 4.6 | Securely Manage Enterprise Assets and Software | ∗ | ∗ | ∗ | ∗ | ||
| 4.7 | Manage Default Accounts on Enterprise Assets and Software | ∗ | ∗ | ∗ | ∗ | ||
| 4.8 | Uninstall or Disable Unnecessary Services on Enterprise Assets and Software | ∗ | ∗ | ∗ | |||
| Control 5 | |||||||
| Account Management | |||||||
| Safeguard Number | Name | IG1 | IG2 | IG3 | PowerSC | ZTEA | PCV |
| 5.2 | Use Unique Passwords | ∗ | ∗ | ∗ | ∗ | ||
| 5.3 | Disable Dormant Accounts | ∗ | ∗ | ∗ | ∗ | ||
| Control 6 | |||||||
| Access Control Management | |||||||
| Safeguard Number | Name | IG1 | IG2 | IG3 | PowerSC | ZTEA | PCV |
| 6.4 | Require MFA for Remote Network Access | ∗ | ∗ | ∗ | ∗ | ||
| 6.5 | Require MFA for Administrative Access | ∗ | ∗ | ∗ | ∗ | ||
| Control 7 | |||||||
| Continuous Vulnerability Management | |||||||
| Safeguard Number | Name | IG1 | IG2 | IG3 | PowerSC | ZTEA | PCV |
| 7.3 | Perform Automated Operating System Patch Management | ∗ | ∗ | ∗ | ∗ | ||
| 7.5 | Perform Automated Vulnerability Scans of Internal Enterprise Assets | ∗ | ∗ | ∗ | |||
| 7.7 | Remediate Detected Vulnerabilities | ∗ | ∗ | ∗ | |||
| Control 8 | |||||||
| Audit Log Management | |||||||
| Safeguard Number | Name | IG1 | IG2 | IG3 | PowerSC | ZTEA | PCV |
| 8.2 | Collect Audit Logs | ∗ | ∗ | ∗ | ∗ | ||
| 8.5 | Collect Detailed Audit Logs | ∗ | ∗ | ∗ | |||
| 8.8 | Collect Command-Line Audit Logs | ∗ | ∗ | ∗ | |||
| 8.9 | Centralize Audit Logs | ∗ | ∗ | ∗ | |||
| 8.12 | Collect Service Provider Logs | ∗ | ∗ | ||||
| Control 10 | |||||||
| Malware Defenses | |||||||
| Safeguard Number | Name | IG1 | IG2 | IG3 | PowerSC | ZTEA | PCV |
| 10.1 | Deploy and Maintain Anti-Malware Software | ∗ | ∗ | ∗ | ∗ | ∗ | ∗ |
| 10.2 | Configure Automatic Anti-Malware Signature Updates | ∗ | ∗ | ∗ | ∗ | ||
| 10.5 | Enable Anti-Exploitation Features | ∗ | ∗ | ∗ | |||
| 10.6 | Centrally Manage Anti-Malware Software | ∗ | ∗ | ∗ | |||
| 10.7 | Use Behavior-Based Anti-Malware Software | ∗ | ∗ | ∗ | |||
| Control 11 | |||||||
| Data Recovery | |||||||
| Safeguard Number | Name | IG1 | IG2 | IG3 | PowerSC | ZTEA | PCV |
| 11.2 | Perform Automated Backups | ∗ | ∗ | ∗ | ∗ | ||
| 11.3 | Protect Recovery Data | ∗ | ∗ | ∗ | ∗ | ||
| 11.4 | Establish and Maintain an Isolated Instance of Recovery Data | ∗ | ∗ | ∗ | ∗ | ||
| 11.5 | Test Data Recovery | ∗ | ∗ | ∗ | |||
| Control 13 | |||||||
| Network Monitoring and Defense | |||||||
| Safeguard Number | Name | IG1 | IG2 | IG3 | PowerSC | ZTEA | PCV |
| 13.1 | Centralize Security Event Alerting | ∗ | ∗ | ∗ | |||
| 13.2 | Deploy a Host-Based Intrusion Detection Solution | ∗ | ∗ | ∗ | |||
| 13.3 | Deploy a Network Intrusion Detection Solution | ∗ | ∗ | ∗ | |||
| 13.7 | Deploy a Host-Based Intrusion Prevention Solution | ∗ | ∗ | ||||
| 13.8 | Deploy a Network Intrusion Prevention Solution | ∗ | ∗ | ||||
| 13.9 | Deploy Port-Level Access Control | ∗ | ∗ | ||||
[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SSB2BD2","label":"IBM PowerSC"},"ARM Category":[{"code":"a8m3p000000UoK2AAK","label":"PowerSC Standard (PSC)"}],"Platform":[{"code":"PF002","label":"AIX"}],"Version":"2.0.0;2.1.0;2.2.0;2.3.0"}]
Was this topic helpful?
Document Information
Modified date:
11 June 2026
UID
ibm17274521