IBM Support

Security Scan Scope and Process - Planning Analytics

Troubleshooting


Problem

To provide timely and effective responses when clients run security scans, we provide the following guidelines, which help reduce noise and allow support teams to focus on the highest-priority results for our clients.

This process provides guidelines for clients and sets expectations for how Support will process these sorts of requests when logged as cases.

The IBM Cognos and Planning Analytics (CAPA) organization follows the IBM Security and Privacy by Design (SPbD) process, which is a company-wide directive that is strictly enforced.

The IBM SPbD process is inspired by the FIRST Framework, which itself is built on top of multiple international frameworks, and by the United States National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF).

As part of the SPbD process, the IBM Cognos and Planning Analytics (CAPA) organization includes a Secure Engineering team within its Quality Engineering team. This team is responsible for enforcing the adoption of the SPbD processes and monitoring that adoption on a continuous basis. Every product released by the CAPA organization is then audited regularly by the IBM Business Information Security Office (BISO) team to ensure full compliance with every SPbD practice.

IBM does not publicly disclose or confirm security vulnerabilities until IBM has conducted an analysis of the product and issued fixes or mitigations as per the IBM PSIRT process.

More information on the IBM PSIRT process can be found here: https://www.ibm.com/trust/security-psirt

Our SPbD process, which includes our code scanning practices as part of our SDLC, is covered here: https://www.ibm.com/trust/security-spbd

Document Location

Worldwide



Document Information

Modified date:
01 March 2023

UID

ibm16956285