New CA Tool Automates Mainframe Compliance and Security

Bookmark and Share

CA announced CA Compliance Manager for z/OS, a platform-resident solution to provide real-time automated policy management of security and compliance events across the IBM z/OS environment and mainframe security subsystems-including CA ACF2, CA Top Secret and IBM RACF.

Until now, according to CA, IT organizations have primarily verified compliance with operational policies by manually checking historical data against their current security implementation, a timely and costly approach. CA Compliance Manager for z/OS addresses this problem through automated monitoring, real-time alerting, and historical reporting. Automated intelligence is especially important as mainframe environments are made increasingly complex by growing workloads-and as mainframe management tasks are passed on to a new generation of IT professionals with less experience on the z/OS platform.

There are numerous challenges organizations are facing that justify the need for a solution such as CA's Compliance Manager, Kirk Willis, vice president in CA's Mainframe Business Unit, tells 5 Minute Briefing. In particular, the onslaught of regulatory controls for businesses and the resulting need to manage data in specific ways is a key driver. At many organizations those responsible for adherence to those regulations are utilizing manual processes, which are time-consuming and often don't work well together. Moreover, the regulatory requirements themselves are often changing and therefore processes are not repeatable and prone to error. Compliance-related activities on the mainframe "require a certain amount of expertise" which is problematic due to the "dwindling of the mainframe expertise skill set," Willis adds. "Given the fact that there is more focus on the accountability on the mainframe itself and the policies and the processes in place, and in the absence of these types of skills, clearly CA Compliance Manager helps that."

By providing granular, consolidated reporting on policy-related mainframe events, CA Compliance Manager helps IT organizations perform this monitoring and document compliance. The software detects and records changes that impact security policy-including modifications to CA ACF2, CA Top Secret, and IBM RACF configurations, operating system security configurations, and selected PDS/PDSE data sets. These changes are automatically validated against customer-defined security policies, so that IT organizations can readily discover and act on even the most subtle policy violations. The entire audit trail generated by CA Compliance Manager for z/OS is retained on the mainframe, enabling mainframe staff to retain control of compliance data and to enhance the scalability of their compliance database.

CA also announced new versions of CA ACF2 and CA Top Secret, which work with CA Compliance Manager to provide a single view of compliance for the mainframe. Enhancements in r14 of both products include exploitation of z/OS 1.10 features, role-based administrative grouping, data classification, resource ownership, and digital certificate management services using the Distributed Security Integration (DSI) Server. CA ACF2 and CA Top Secret are designed to enable organizations to run compliance reporting without impacting the performance of their security environments by transferring security file contents to a mainframe relational database, which can then run both out-of-the-box and ad hoc compliance reports.

More information on CA Compliance Manager, CA ACF2, and CA Top Secret is available here.