Re: IBM zSecure Audit reviews?
Beinf familier with both, they are not comparble. ;-) funny, but true. Itschak בתאריך יום ה׳, 19 באפר׳ 2018, 18:44, מאת Rob Schramm : > I am not sure that is true. Seems to me the issue was that zsecure for TSS > worked.. but that there were issues with it being official from the CA > standpoint. > > On Thu, Apr 19, 2018, 11:11 AM ITschak Mugzach wrote: > > > Afail.it doesbn't support tss. Only acf2 & racf. Aid for real mf > experts. > > Tells only if you are in compliance or not but don't have the stig best > > practice text. It is also human intensive and you'll send days & cpu to > > collect data (separate phase) and manually report on each lpar. > > Regulation requires ibdependent assessment so it wan't help you (but may > be > > the expert you'll rent, so no intetest). > > > > Cybersecurity is dynamic. How a annual assessment helps you if during the > > year and even during assessment a security control already reviewed has > > been changed? Will u be vulenarable a whole year? > > > > Iscm is the only methode to keep an eye open on your maingframe security. > > > > ITschak > > > > בתאריך יום ה׳, 19 באפר׳ 2018, 18:01, מאת Dyck, Lionel B. (TRA) < > > lionel.d...@va.gov>: > > > > > I've been asked to look into IBM's zSecure Audit for use with CA Top > > > Secret and for DISA STIG compliance. > > > > > > Can anyone provide me with an unbiased review on the pros/cons of this > > > product? > > > > > > Feel free to e-mail me directly. > > > > > > Thank you > > > > > > > > > -- > > > Lionel B. Dyck (Contractor) < > > > Mainframe Systems Programmer - RavenTek Solution Partners > > > > > > > > > -- > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > > > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > -- > > Rob Schramm > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM zSecure Audit reviews?
Well, we've been using Zsecure for about 2 years, and are a TSS shop. if you want I can get a local contact that support and works with the STIG process Carmen Vitullo - Original Message - From: "ITschak Mugzach" <imugz...@gmail.com> To: IBM-MAIN@LISTSERV.UA.EDU Sent: Thursday, April 19, 2018 10:10:55 AM Subject: Re: IBM zSecure Audit reviews? Afail.it doesbn't support tss. Only acf2 & racf. Aid for real mf experts. Tells only if you are in compliance or not but don't have the stig best practice text. It is also human intensive and you'll send days & cpu to collect data (separate phase) and manually report on each lpar. Regulation requires ibdependent assessment so it wan't help you (but may be the expert you'll rent, so no intetest). Cybersecurity is dynamic. How a annual assessment helps you if during the year and even during assessment a security control already reviewed has been changed? Will u be vulenarable a whole year? Iscm is the only methode to keep an eye open on your maingframe security. ITschak בתאריך יום ה׳, 19 באפר׳ 2018, 18:01, מאת Dyck, Lionel B. (TRA) < lionel.d...@va.gov>: > I've been asked to look into IBM's zSecure Audit for use with CA Top > Secret and for DISA STIG compliance. > > Can anyone provide me with an unbiased review on the pros/cons of this > product? > > Feel free to e-mail me directly. > > Thank you > > -- > Lionel B. Dyck (Contractor) < > Mainframe Systems Programmer - RavenTek Solution Partners > > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM zSecure Audit reviews?
I am not sure that is true. Seems to me the issue was that zsecure for TSS worked.. but that there were issues with it being official from the CA standpoint. On Thu, Apr 19, 2018, 11:11 AM ITschak Mugzachwrote: > Afail.it doesbn't support tss. Only acf2 & racf. Aid for real mf experts. > Tells only if you are in compliance or not but don't have the stig best > practice text. It is also human intensive and you'll send days & cpu to > collect data (separate phase) and manually report on each lpar. > Regulation requires ibdependent assessment so it wan't help you (but may be > the expert you'll rent, so no intetest). > > Cybersecurity is dynamic. How a annual assessment helps you if during the > year and even during assessment a security control already reviewed has > been changed? Will u be vulenarable a whole year? > > Iscm is the only methode to keep an eye open on your maingframe security. > > ITschak > > בתאריך יום ה׳, 19 באפר׳ 2018, 18:01, מאת Dyck, Lionel B. (TRA) < > lionel.d...@va.gov>: > > > I've been asked to look into IBM's zSecure Audit for use with CA Top > > Secret and for DISA STIG compliance. > > > > Can anyone provide me with an unbiased review on the pros/cons of this > > product? > > > > Feel free to e-mail me directly. > > > > Thank you > > > > > -- > > Lionel B. Dyck (Contractor) < > > Mainframe Systems Programmer - RavenTek Solution Partners > > > > > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Rob Schramm -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: [EXTERNAL] Re: IBM zSecure Audit reviews?
Agree with all of your points -- Lionel B. Dyck (Contractor) < Mainframe Systems Programmer – RavenTek Solution Partners Service Operations – Infrastructure Operations Office of Information and Technology, IT Operations and Services Office: 512-326-6173 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of ITschak Mugzach Sent: Thursday, April 19, 2018 10:11 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXTERNAL] Re: IBM zSecure Audit reviews? Afail.it doesbn't support tss. Only acf2 & racf. Aid for real mf experts. Tells only if you are in compliance or not but don't have the stig best practice text. It is also human intensive and you'll send days & cpu to collect data (separate phase) and manually report on each lpar. Regulation requires ibdependent assessment so it wan't help you (but may be the expert you'll rent, so no intetest). Cybersecurity is dynamic. How a annual assessment helps you if during the year and even during assessment a security control already reviewed has been changed? Will u be vulenarable a whole year? Iscm is the only methode to keep an eye open on your maingframe security. ITschak בתאריך יום ה׳, 19 באפר׳ 2018, 18:01, מאת Dyck, Lionel B. (TRA) < lionel.d...@va.gov>: > I've been asked to look into IBM's zSecure Audit for use with CA Top > Secret and for DISA STIG compliance. > > Can anyone provide me with an unbiased review on the pros/cons of this > product? > > Feel free to e-mail me directly. > > Thank you > > -- > > Lionel B. Dyck (Contractor) < > Mainframe Systems Programmer - RavenTek Solution Partners > > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM zSecure Audit reviews?
Afail.it doesbn't support tss. Only acf2 & racf. Aid for real mf experts. Tells only if you are in compliance or not but don't have the stig best practice text. It is also human intensive and you'll send days & cpu to collect data (separate phase) and manually report on each lpar. Regulation requires ibdependent assessment so it wan't help you (but may be the expert you'll rent, so no intetest). Cybersecurity is dynamic. How a annual assessment helps you if during the year and even during assessment a security control already reviewed has been changed? Will u be vulenarable a whole year? Iscm is the only methode to keep an eye open on your maingframe security. ITschak בתאריך יום ה׳, 19 באפר׳ 2018, 18:01, מאת Dyck, Lionel B. (TRA) < lionel.d...@va.gov>: > I've been asked to look into IBM's zSecure Audit for use with CA Top > Secret and for DISA STIG compliance. > > Can anyone provide me with an unbiased review on the pros/cons of this > product? > > Feel free to e-mail me directly. > > Thank you > > -- > Lionel B. Dyck (Contractor) < > Mainframe Systems Programmer - RavenTek Solution Partners > > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
IBM zSecure Audit reviews?
I've been asked to look into IBM's zSecure Audit for use with CA Top Secret and for DISA STIG compliance. Can anyone provide me with an unbiased review on the pros/cons of this product? Feel free to e-mail me directly. Thank you -- Lionel B. Dyck (Contractor) < Mainframe Systems Programmer - RavenTek Solution Partners -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN