Re: IBM zSecure Audit reviews?

2018-04-19 Thread ITschak Mugzach 
Beinf familier with both, they are not comparble. ;-) funny, but true.

Itschak

בתאריך יום ה׳, 19 באפר׳ 2018, 18:44, מאת Rob Schramm ‏:

> I am not sure that is true.  Seems to me the issue was that zsecure for TSS
> worked.. but that there were issues with it being official from the CA
> standpoint.
>
> On Thu, Apr 19, 2018, 11:11 AM ITschak Mugzach  wrote:
>
> >  Afail.it doesbn't support tss. Only acf2 & racf. Aid for real mf
> experts.
> > Tells only if you are in compliance or not but don't have the stig best
> > practice text. It is also human intensive and you'll send days & cpu to
> > collect data (separate phase) and manually report on each lpar.
> > Regulation requires ibdependent assessment so it wan't help you (but may
> be
> > the expert you'll rent, so no intetest).
> >
> > Cybersecurity is dynamic. How a annual assessment helps you if during the
> > year and even during assessment a security control already reviewed has
> > been changed? Will u be vulenarable a whole year?
> >
> > Iscm is the only methode to keep an eye open on your maingframe security.
> >
> > ITschak
> >
> > בתאריך יום ה׳, 19 באפר׳ 2018, 18:01, מאת Dyck, Lionel B. (TRA) ‏<
> > lionel.d...@va.gov>:
> >
> > > I've been asked to look into IBM's zSecure Audit for use with CA Top
> > > Secret and for DISA STIG compliance.
> > >
> > > Can anyone provide me with an unbiased review on the pros/cons of this
> > > product?
> > >
> > > Feel free to e-mail me directly.
> > >
> > > Thank you
> > >
> > >
> >
> --
> > > Lionel B. Dyck (Contractor)  <
> > > Mainframe Systems Programmer - RavenTek Solution Partners
> > >
> > >
> > > --
> > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > >
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
> --
>
> Rob Schramm
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: IBM zSecure Audit reviews?

2018-04-19 Thread Carmen Vitullo 
Well, we've been using Zsecure for about 2 years, and are a TSS shop. 
if you want I can get a local contact that support and works with the STIG 
process 


Carmen Vitullo 

- Original Message -

From: "ITschak Mugzach" <imugz...@gmail.com> 
To: IBM-MAIN@LISTSERV.UA.EDU 
Sent: Thursday, April 19, 2018 10:10:55 AM 
Subject: Re: IBM zSecure Audit reviews? 

Afail.it doesbn't support tss. Only acf2 & racf. Aid for real mf experts. 
Tells only if you are in compliance or not but don't have the stig best 
practice text. It is also human intensive and you'll send days & cpu to 
collect data (separate phase) and manually report on each lpar. 
Regulation requires ibdependent assessment so it wan't help you (but may be 
the expert you'll rent, so no intetest). 

Cybersecurity is dynamic. How a annual assessment helps you if during the 
year and even during assessment a security control already reviewed has 
been changed? Will u be vulenarable a whole year? 

Iscm is the only methode to keep an eye open on your maingframe security. 

ITschak 

בתאריך יום ה׳, 19 באפר׳ 2018, 18:01, מאת Dyck, Lionel B. (TRA) ‏< 
lionel.d...@va.gov>: 

> I've been asked to look into IBM's zSecure Audit for use with CA Top 
> Secret and for DISA STIG compliance. 
> 
> Can anyone provide me with an unbiased review on the pros/cons of this 
> product? 
> 
> Feel free to e-mail me directly. 
> 
> Thank you 
> 
> -- 
> Lionel B. Dyck (Contractor) < 
> Mainframe Systems Programmer - RavenTek Solution Partners 
> 
> 
> -- 
> For IBM-MAIN subscribe / signoff / archive access instructions, 
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 
> 

-- 
For IBM-MAIN subscribe / signoff / archive access instructions, 
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: IBM zSecure Audit reviews?

2018-04-19 Thread Rob Schramm 
I am not sure that is true.  Seems to me the issue was that zsecure for TSS
worked.. but that there were issues with it being official from the CA
standpoint.

On Thu, Apr 19, 2018, 11:11 AM ITschak Mugzach  wrote:

>  Afail.it doesbn't support tss. Only acf2 & racf. Aid for real mf experts.
> Tells only if you are in compliance or not but don't have the stig best
> practice text. It is also human intensive and you'll send days & cpu to
> collect data (separate phase) and manually report on each lpar.
> Regulation requires ibdependent assessment so it wan't help you (but may be
> the expert you'll rent, so no intetest).
>
> Cybersecurity is dynamic. How a annual assessment helps you if during the
> year and even during assessment a security control already reviewed has
> been changed? Will u be vulenarable a whole year?
>
> Iscm is the only methode to keep an eye open on your maingframe security.
>
> ITschak
>
> בתאריך יום ה׳, 19 באפר׳ 2018, 18:01, מאת Dyck, Lionel B. (TRA) ‏<
> lionel.d...@va.gov>:
>
> > I've been asked to look into IBM's zSecure Audit for use with CA Top
> > Secret and for DISA STIG compliance.
> >
> > Can anyone provide me with an unbiased review on the pros/cons of this
> > product?
> >
> > Feel free to e-mail me directly.
> >
> > Thank you
> >
> >
> --
> > Lionel B. Dyck (Contractor)  <
> > Mainframe Systems Programmer - RavenTek Solution Partners
> >
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
-- 

Rob Schramm

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: [EXTERNAL] Re: IBM zSecure Audit reviews?

2018-04-19 Thread Dyck, Lionel B. (TRA) 
Agree with all of your points


--
Lionel B. Dyck (Contractor)  <
Mainframe Systems Programmer – RavenTek Solution Partners
Service Operations – Infrastructure Operations
Office of Information and Technology, IT Operations and Services
Office: 512-326-6173


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of ITschak Mugzach
Sent: Thursday, April 19, 2018 10:11 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: IBM zSecure Audit reviews?

 Afail.it doesbn't support tss. Only acf2 & racf. Aid for real mf experts.
Tells only if you are in compliance or not but don't have the stig best 
practice text. It is also human intensive and you'll send days & cpu to collect 
data (separate phase) and manually report on each lpar.
Regulation requires ibdependent assessment so it wan't help you (but may be the 
expert you'll rent, so no intetest).

Cybersecurity is dynamic. How a annual assessment helps you if during the year 
and even during assessment a security control already reviewed has been 
changed? Will u be vulenarable a whole year?

Iscm is the only methode to keep an eye open on your maingframe security.

ITschak

בתאריך יום ה׳, 19 באפר׳ 2018, 18:01, מאת Dyck, Lionel B. (TRA) ‏<
lionel.d...@va.gov>:

> I've been asked to look into IBM's zSecure Audit for use with CA Top 
> Secret and for DISA STIG compliance.
>
> Can anyone provide me with an unbiased review on the pros/cons of this 
> product?
>
> Feel free to e-mail me directly.
>
> Thank you
>
> --
> 
> Lionel B. Dyck (Contractor)  <
> Mainframe Systems Programmer - RavenTek Solution Partners
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: IBM zSecure Audit reviews?

2018-04-19 Thread ITschak Mugzach 
 Afail.it doesbn't support tss. Only acf2 & racf. Aid for real mf experts.
Tells only if you are in compliance or not but don't have the stig best
practice text. It is also human intensive and you'll send days & cpu to
collect data (separate phase) and manually report on each lpar.
Regulation requires ibdependent assessment so it wan't help you (but may be
the expert you'll rent, so no intetest).

Cybersecurity is dynamic. How a annual assessment helps you if during the
year and even during assessment a security control already reviewed has
been changed? Will u be vulenarable a whole year?

Iscm is the only methode to keep an eye open on your maingframe security.

ITschak

בתאריך יום ה׳, 19 באפר׳ 2018, 18:01, מאת Dyck, Lionel B. (TRA) ‏<
lionel.d...@va.gov>:

> I've been asked to look into IBM's zSecure Audit for use with CA Top
> Secret and for DISA STIG compliance.
>
> Can anyone provide me with an unbiased review on the pros/cons of this
> product?
>
> Feel free to e-mail me directly.
>
> Thank you
>
> --
> Lionel B. Dyck (Contractor)  <
> Mainframe Systems Programmer - RavenTek Solution Partners
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

IBM zSecure Audit reviews?

2018-04-19 Thread Dyck, Lionel B. (TRA) 
I've been asked to look into IBM's zSecure Audit for use with CA Top Secret and 
for DISA STIG compliance.

Can anyone provide me with an unbiased review on the pros/cons of this product?

Feel free to e-mail me directly.

Thank you

--
Lionel B. Dyck (Contractor)  <
Mainframe Systems Programmer - RavenTek Solution Partners


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN