For Executives

Mainframes are the definition of “mission-critical.” Your  business  cannot  operate without them.  Far from being back-end devices, the functions provided by mainframes are some of the most visible and customer-centric aspects of your technology.

For IT Risk Officers

When it comes to mainframe security, the buck stops with you – not your vendors or partners. The mainframe is the most secure computer system – but it’s still a computer system. The same strategies you use for open systems need to be applied to your mainframes.

For CISO's

Obscurity isn’t security. You need to protect the mainframe just like any other IT system. Up to 70% of your corporate data might reside on the mainframe – and it might be among your least- secured systems. Make OS- level integrity part of your overall security strategy.

For Operations

RACF®, CA ACF2®, and CA Top Secret® are essential for establishing permissions and access control, but they are not a complete security solution. z/Assure VAP is the only product available that can identify vulnerabilities in mainframe OS layer code and automatically scan for compromises to mainframe integrity.


Learn about real risks and prevention measures

Check Out Our Services

You need more than tools; you need our seasoned security risk mitigation professionals.

Our team is comprised of individuals who know z/OS internals. We are technologists with years of experience in mainframe operating system internals, enterprise architecture, and we have extensive experience with mainframe ESMs such as RACF, CA ACF2, and CA Top Secret. The Key Resources Team understands how hackers think, we understand the security risks that threaten z Systems, and we know how to mitigate those risks at in-depth levels of the operating system.

Integrity Assessments

Whether your organization has one mainframe or dozens, their is a common truth that affects you – zero day software vulnerabilities reside in the operating system layer – and you need to find them and mitigate them in order to maintain the integrity of the systems and your data. KRI has the tools to find them, document them, and get them mitigated quickly by the offending vendor. Our scanning service is the cornerstone of a secure mainframe environment.  We strive to integrate mainframe risk, compliance, and security with your other platforms in order to provide you with a cohesive security policy.

Configuration Assessments

KRI provides traditional information security audits, PCI compliance and NIST audits, and a range of special purpose SECURITY assessments for defined projects and engagements.  Our audits allow you to enforce security configuration policies, reporting on configuration settings against company-specific policies, or industry-recognized security configuration assessment templates used for auditing and security hardening. These audits focus on requirements specific to z/OS, but some also address network components, applications, databases and virtual infrastructures.


Key Resources has self-paced online training for developers.  The majority of organizations don’t have the budget to send team members to a day of Cyber security software development training.  Developers often lack the skills necessary to write integrity-based code.  We’ll teach you how to minimize mainframe code based security risks using proactive techniques that include developing an operating system layer Secure Architecture and diagnostic techniques that can be applied during software development.


Key Resources has 30+ years of experience optimizing security migrations and database merges using demonstrated, intelligent software and reporting. Our process has proven over time to be the most cost-effective methodology and our tool sets automatically optimize the database structures. No after the fact clean-up is ever required. The z/Assure® Security Conversion Utility (SCU4DB2)™ provides a proven methodology for converting from native DB2 security to RACF®.

Mainframe Vunerability Scans

Your key to security

KRI has proprietary technology that scans the z/OS operating system, as well as 3rd Party software and home-grown exits, to find and report on zero-day vulnerabilities. This patent pending Vulnerability Management software is offered as a client-licensed or KRI managed service.

Security Gap Analysis

Keep Your Data Safe

KRI has security and compliance audit software, which allows an organization to baseline all of the security and systems configuration parameters against their compliance and security policies. This software automates the entire assessment and reporting process across all ESM's.

Third-Party Security

Validate your Security

z/Assure VAP testing reduces the risk associated with third-party software. With the KRI z/Assured™ program, we manage the entire third-party vulnerability testing and work directly with vendors in your software supply chain to ensure they’re compliant with your corporate security policies.