Vanguard Enterprise Security Consultancy Services
In combination with Value-4IT, the Vanguard Integrity Professionals
Services Team
incorporates many experienced and senior personnel with expert,
current and well practised experience, to assist customers with
their Mainframe security activities, including complex
rationalization and migration projects.
How Good Are Your z/OS and RACF Security Controls?
Security Snapshot™ for IBM z/OS and RACF allows you to quickly and
efficiently assess the current state of the implementation of
security, at a high level, by reviewing your system for the most
common high risk security configuration errors. Drawing on
Vanguard's expert security consultants and its extensive
database of System z security assessments, we investigate 25 to 30
control points at no charge. The snapshot gives you a clear
sense of the current state of your z/OS and RACF security
implementation.
According to a leading analyst firm, "The largest enterprises have
something like 90% of their critical systems running on the
Mainframe. While the Mainframe platform is technically sound,
security can be compromised by configuration errors and by poor
identity and entitlement administration just as easily as on any
other platform." You can view the webcast
here.

The Security Snapshot requires only a two-hour time investment and
produces significant returns including:
■ Insight into the existing state of your z/OS and RACF environment
  in relation to others
■ An Impact Analysis Assessment Report that includes an explanation
  of each exposure identified, along with its severity and the level
  of effort to remediate the issue
■ Knowledge that translates into actionable security intelligence
Please click
here to schedule a no charge
Security Snapshot for System z and RACF or request more
information.
PCI-DSS Readiness Review
A PCI-DSS Readiness Review is an in-depth assessment showing how
well your z/OS RACF controls have been, or have not been, configured
to comply with the PCI Data Security Standards. Our team of
RACF PCI experts will work with and educate your security
administrators on what is expected from them to be PCI compliant.
Vanguard will deliver a “customizable” document that will be
maintained by you and can be used to demonstrate your compliance
with the annual Report on Compliance (ROC) that is prepared by your
Qualified Security Assessor (QSA).
This review is the most intensive z/OS RACF assessment for PCI
compliance that is available in the marketplace today. The
review of each PCI requirement includes supporting documentation,
policy statements, reference materials, comments and recommendations
that will demonstrate PCI compliance to your auditors and assessors.
PCI remediation and retainer services are also available.
z/OS and RACF Security Assessment
This offering is typically a 3 to 5 day assignment per database.
The objective is to identify security vulnerabilities through
interviews with RACF security personnel and analysis of the existing
RACF environment. The deliverable is a document identifying
potential security exposures and vulnerabilities. At the conclusion,
our consultant reviews the assessment findings with the client and
provides recommendations for enhancing their RACF security
environment.
The following are examples of the items reviewed during the Security
Assessment:
■ Review documented security policies for users and the protection
  of information assets and procedures for provisioning and
  administration.
■ A review of key security elements of the z/OS operating system
  implementation, including the Program Properties Table, Supervisor
  Calls, I/O Appendages, and SMF recording.
■ A review of RACF system-wide options, RACF database datasets, RACF
  general resource class definitions, RACF exits, and RACF recovery
  procedures in place.
■ A review of key dataset class profiles covering sensitive system,
  Unix System Services resource and file-system profiles, and
  sensitive application data sets.
■ A review of key general resource class profiles, including
  profiles in the STARTED, GLOBAL, OPERCMDS, and JES related resource
  classes. A review of the RACF group structure and group based
  access.
■ Review the security of the CICS implementation including CICS
  security options, user exits, and RACF profile implementation.
RACF Migration Assessment
These assessments are typically 3-day assignments per database.
The objective is to learn as much about the ACF2/TSS and z/OS
environments as possible through personal interviews with staff
members and by gathering data from the ACF2/TSS database.
We also identify elements in the ACF2/TSS environment that will
complicate the conversion process for the ACF2/TSS environment.
The deliverable is a statement of work for migrating the client
from ACF2/TSS to RACF.
RACF Migration Services
Vanguard offers the most comprehensive program in the world for
migration from ACF2/TSS to RACF. Our specialists help
clients properly implement RACF protocols according to "best
practices" methodologies and processes. Vanguard is one of
the world's few vendors certified to use IBM's ACF2 and Top
Secret Migration Utilities. We use these utilities in
addition to our own unique security assurance software tools to
deliver a complete migration that is as unobtrusive and efficient
as possible. A RACF Migration Assessment typically
precedes this offering.
Using RACF to Protect SDSF Resources
This is a very complex implementation requiring five RACF
General Resource Classes. At Vanguard we have developed an
automated methodology to provide a quick and accurate
implementation of RACF profiles to replace the SDSF ISFPARMS
security parameters and put security enforcement where it
belongs for SDSF; namely in the hands of the RACF Security team.
Vanguard professional services consultants will work shoulder to
shoulder with your RACF Security team to accomplish this
transition.
DB2 to RACF Security Migration
Vanguard offers a comprehensive program for migration from DB2
internal Grant/Revoke security to RACF security. Our
specialists help clients properly implement RACF protocols
according to "best practices" methodologies and processes.
Vanguard's specialists have extensive experience using the IBM
DB2 to RACF Conversion Utility in addition to our own unique
security assurance software tools to deliver a complete
migration that is as unobtrusive and efficient as possible. A
full day education class on DB2 security for DBAs and RACF
administrators is part of the migration services.
RACF Database Merges
Merging RACF Databases is a high risk, complex process.
Vanguard has developed an effective and efficient methodology to
minimize the risk involved in this type of project and has used
this methodology in a large number of RACF Database merge
projects for clients. Complexities include avoiding access
undercuts as a result of the merge, ensuring the “survivor”
fields in the merged profiles are accurate, and dealing with the
need to ensure proper levels of access for all resources being
protected as a result of the merge process. Many clients
prefer to have the Vanguard level of expertise to assist them
with this type of project.
z/OS Infrastructure RACF Security Implementations
When Vanguard performs a RACF Security Assessment we identify
the z/OS infrastructure resources currently being protected by
RACF and those not currently being protected. This
includes resources such as CICS and IMS transactions, Tape
Management System controls, Job Scheduler controls, Automation
controls, and many other z/OS Resource Manager controls.
Vanguard can assist clients with the implementation of RACF
protection for any of these types of Resource Managers.
Using our Vanguard tools during such implementations is included
in the project and provides for efficiencies to reduce the
amount of time required for the implementation as well as
reducing risks involved in these types of projects.
Identify Issues & Proactively Optimize Your Mainframe Security
Environment.