IBM® Security zSecure™ Compliance and Auditing measures and verifies mainframe security settings, enforces compliance policies and enhances security intelligence. It includes three IBM Security zSecure products to provide automated event analysis, alerts and reports for IBM Resource Access Control Facility (RACF®), CA ACF2 and CA Top Secret Security.

IBM Security zSecure Compliance and Auditing includes IBM Security zSecure Audit—for detection and reporting of security events and exposures—IBM Security zSecure Alert—designed to improve the efficiency of event monitoring and real-time notification—and IBM Security zSecure Command Verifier—to enforce policy and standards for mainframe security.

IBM Security zSecure Compliance and Auditing:

  • Provides automated detection and customized audit reporting of security events and exposures on IBM z/OS®, IBM DB2®, IBM CICS®, IBM IMS™, UNIX, and Linux with IBM System z®
  • Improves the efficiency of automated analysis of security events to enhance security intelligence and reduce risk
  • Enforces and monitors compliance with policies and regulatory requirements to help prevent failed audits and breaches

Provides automated detection and customized audit reporting of security events and exposures

  • Replaces manual audits with automated analysis, reporting and detection of exposures
  • Enables you to customize audit reports and alerts to align with business requirements and demonstrate compliance with corporate policy and standards
  • Offers integration and consolidation with a range of security relevant events for analysis, monitoring and reporting
  • Helps lower cost of event collection, reduces RACF database cleanup time and audit remediation effort

Improves the efficiency of automated analysis of security events

  • Uses data analytics to aid the detection of concealed and complex risks
  • Provides predefined alerts to detect inappropriate actions or user behavior
  • Prioritizes remediation and protection based on severity—and provides integrated remediation for intrusion attempts
  • Analyzes activity to detect, prioritize and automate remediation of security risks
  • Performs automated auditing using a built-in knowledge base

Enforces and monitors compliance with policies and regulatory requirements

  • Provides compliance testing for Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI DSS) and Security Technical Implementation Guide (STIG)
  • Monitors privileged users to detect compliance violations and insider abuse
  • Helps prevent noncompliant RACF commands and corrects improperly specified RACF commands as they are issued
  • Tracks and monitors security baseline and sensitive data set changes
  • Establishes and enforces security policy and separation of duties