Who knows more about protecting Z than Z people?

Feature spotlights

Policy monitoring enforcement protects data

Prevent noncompliant administrative commands from privileged users that can change or delete all profiles within their scope. Automatically verify command keywords against your specified policies as soon as a IBM® Resource Access Control Facility (RACF®) command is issued to help prevent user errors, regardless of whether the command is initiated from Time Sharing Option (TSO), Interactive System Productivity Facility (ISPF), a batch job or the operator console.

Retrieves command information quickly

zSecure™ Command Audit Trail stores changes to profiles in the RACF database, so you can easily discover when a change to a profile was made and which administrator issued a particular command. Retrieves information on changes in seconds, saving hours of labor.

Defines and determines different types of verification

Specify policies using RACF profiles to determine the type of verification to be performed and to define actions when a noncompliant command is detected, including prevention of command execution. Generate immediate, near real-time alerts if certain RACF commands are issued, helping to prevent system outages caused when administrators issue incorrect RACF commands. Send messages when commands are changed. Grant users access to specific commands who would not normally have authorization.

Works independently of other solutions in the zSecure suite

Installs as part of the RACF Common Command Exit, a standard RACF application programming interface (API). Eliminates the need to design, code and maintain assembler routines that create time demands. Serves as an important add-on to other third-party RACF tools that lack this vital functionality.

Integrates with common IBM platforms

zSecure™ Command Verifier, part of zSecure Compliance and Administration is accessible with IBM Security QRadar® SIEM, IBM Security Guardium®, RACF and IBM MFA solutions.

Scalable for big data systems

V2.2.1 allows storage above the 2 GB boundary ("the bar") to enable processing of more data. Note that the ability to use more virtual memory can have implications for paging and real storage needs. This also frees up storage below the bar for other programs. With models z196 or higher, 64-bit addressing is activated automatically, though reverting back to 31-bit addressing is optional. You can select the program to run using the SE.0 (SETUP RUN) option.

Technical details

Technical specifications

Note that your entitlement to support, if any, is dependent upon your license and/or maintenance agreements for zSecure Command Verifier.

  • CA ACF2 and CA Top Secret
  • IBM MQ
  • IBM Integrated Cryptographic Service Facility (ICSF)
  • Windows server
  • Payment Card Industry-Data Security Standard (PCI-DSS)
  • Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs)

Software requirements

Requirements: A supported IBM z Systems server that is capable of supporting z/OS V2.1, or later.

  • IBM z/OS V1R12
  • IBM z/OS V1R13
  • IBM z/OS V2R1

Hardware requirements

A supported IBM z Systems server that is capable of supporting z/OS V2.1, or later.

  • Processor: Z800 (minimum); IBM System z9 or z10 Enterprise Class (EC) (recommended)
  • Disk space: 300 MB (minimum); 450 MB (recommended)
  • Memory: 1 GB (minimum); 2 GB (recommended)