Until now, IT organizations have primarily verified compliance with operational policies by manually checking historical data against their current security implementation—a time-consuming and costly approach that exposes IT organizations to increasing risk as regulatory pressures continue to escalate. CA Compliance Manager for z/OS addresses this problem through automated monitoring, real-time alerting, and historical reporting. Its automated intelligence is especially important as mainframe environments are made increasingly complex by growing workloads—and as mainframe management tasks are passed on to a new generation of IT professionals with less experience on the z/OS platform.
"Increasing mainframe workloads—combined with a constrained supply of skilled staff—can result in unacceptable risk on the mainframe, which has traditionally been the least vulnerable platform in the enterprise," said David Hodgson, senior vice president in CA's Mainframe Business Unit. "CA Compliance Manager for z/OS offers IT organizations a simple and practical means of addressing these vulnerabilities, while reducing the ownership costs that result from labor-intensive manual mainframe auditing processes."
Fulfilling Regulatory and Audit Requirements
With so many other priorities competing for limited IT time and budget, many organizations are failing to perform sufficiently thorough security reviews of system and OS management activities. According to a PricewaterhouseCoopers survey, 73% of respondents believe users are compliant with internal policies—even though less than half actually monitor policy compliance.*
By providing granular, consolidated reporting on policy-related mainframe events, CA Compliance Manager helps IT organizations quickly and easily perform this monitoring and document their compliance to better address regulatory mandates.
"Compliance isn't about just doing the right thing. It's about being able to document the fact that you're doing the right thing—and being able to credibly demonstrate that you can respond quickly and decisively if for any reason someone does the wrong thing," said Nigel Stanley, practice leader, security, Bloor Research. "By making it easier to fulfill these compliance requirements, CA is helping its customers satisfy regulators, save money, and protect themselves against internal security threats."
CA Compliance Manager for z/OS leverages CA's 30+ years of experience and industry leadership in securing IBM's mainframe platforms. In accordance with CA's Mainframe 2.0 initiative, CA Compliance Manager for z/OS works with CA Mainframe Software Manager to simplify installation and maintenance.
Detects and Records Changes that Impact Security Policy
CA Compliance Manager detects and records changes that impact security policy—including modifications to CA ACF2, CA Top Secret, and IBM RACF configurations, operating system security configurations, and selected PDS/PDSE data sets. These changes are automatically validated against customer-defined security policies, so that IT organizations can readily discover and act on even the most subtle policy violations.
For example, based on policy definitions, CA Compliance Manager for z/OS can detect if a staff member modifies system components or settings outside of normal procedural guidelines, such as bypassing security mechanisms or change management approval processes—automatically triggering notifications of events that would otherwise go undetected or only be discovered long after the fact.
The entire audit trail generated by CA Compliance Manager for z/OS is retained on the mainframe, enabling mainframe staff to retain control of compliance data and to enhance the scalability of their compliance database.
"CA Compliance Manager solves a number of compliance requirements with its real-time alerts and drill-down capabilities not available in the security product itself," said Patricia Diya, compliance manager for Acxiom Corporation, a leading provider of IT services including remote infrastructure management and mainframe hosting. "It reduces or completely eliminates significant manual effort to answer questions about who made a change to a file, when it happened, what changed, and the like. Its straightforward installation and intuitive GUI interface make it relatively easy to get it up and running quickly."
New Releases of CA Top Secret and CA ACF2
CA also announced new versions of CA ACF2 and CA Top Secret, which work with CA Compliance Manager to provide a single view of compliance for the mainframe. Enhancements in r14 of both products include exploitation of z/OS 1.10 features, role-based administrative grouping, data classification, resource ownership, and enhanced digital certificate management services using the Distributed Security Integration (DSI) Server.
CA ACF2 and CA Top Secret also are designed to enable organizations to run compliance reporting without impacting the performance of their security environments by transferring security file contents to a mainframe relational database, which can then run both out-of-the-box and ad hoc compliance reports.
More information on CA Compliance Manager, CA ACF2, and CA Top Secret is available at www.ca.com/mainframe/security.
* PricewaterhouseCoopers, "Safeguarding the new currency of business: Findings from the 2008 Global State of Information Security Study," October 2008.
About CA
CA (NASDAQ: CA) is the world's leading independent IT management software company. With CA's Enterprise IT Management (EITM) vision and expertise, organizations can more effectively govern, manage and secure IT to optimize business performance and sustain competitive advantage. For more information, visit www.ca.com.
Trademarks
Copyright 2009 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. IBM, z/OS and RACF are trademarks of International Business Machines Corporation in the United States, other countries, or both. Acxiom is a registered trademark of Acxiom Corporation. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
Contact
Bob Gordon, CA, Inc., (631) 342-2391