KRI: a matchless set of security specialists who provide unrivalled mainframe security services, mainframe security software, and unparalleled vulnerability detection technology.

KRI is an organization made up of individuals who are highly qualified in providing information security services and identifying actionable information as it pertains to mainframe security exposures. For the past 30 years, we have safe-guarded some of the world’s largest financial, healthcare, and government enterprises.

Our mission is to guarantee a return on our clients’ security investments by minimizing their exposure to data and integrity security risks.

As a global leader in the mainframe security industry, KRI appreciates the complexities of the information security business and we bring this knowledge, our multinational influence, as well as our global reach to the table when working with our clients, allowing us to protect, detect, and respond to our clients’ security needs on a 24/7-hour basis. We are widely known for our vulnerability detection technology – both configuration and code based and this sets us apart from the competition.

We are an employee-owned company and this allows us to stay true to our open-minded, responsive and energetic culture, as well as our values of confidentiality, professionalism, accountability, and integrity. Our team of consultants is highly experienced with profound mainframe security software development experience and a long-standing IT security background. They also possess a high level of expertise in consulting with clients on how to apply and implement the many and varies security standards and best practices, as well as in evaluating IT operations and systems.

Our History

KRI was founded in 1988 on the principles of Integrity, Accountability, and Communication. We began by providing mainframe security consulting services to Fortune 500 institutions focusing on mainframe security configuration and compliance audits. In 1998 we began doing ESM migrations, focused on RACF and CA ACF2, using a set of in-house written software tools to provide seamless migrations from one ESM to another, merging security databases, and migrating native DB2 security to RACF.

In 2007 KRI began providing comprehensive z/OS environment code-based and configuration-based vulnerability assessments. The z/Assure® Vulnerability Analysis Program™ (VAP) software product was launched in 2009 and the z/Assure Compliance Assessment Manager™ (CAM) product was launched in 2014.

Services We Provide

Interactive Code Scanning using z/Assure Vulnerability Analysis Program (VAP):

  • Operating System Integrity Testing (OSIT) of the operating system, third-party software, and homegrown software and exits.
  • Classifying the source and types of z/OS code vulnerabilities found (including CVSS scoring).
  • Detailed reporting which pinpoints the exact location of the identified code vulnerability.
  • Ensuring that all code residing within the OS layer meets IBM standards for System Integrity.

Compliance Audits using z/Assure Compliance Assessment Manager (CAM):

  • KRI provides traditional information security audits, PCI compliance and DISA STIG audits, and a range of special purpose configuration-based vulnerability assessment audits for defined projects and engagements.

Enterprise Security Product Migration Services:

  • Using a combination of two tools, the z/Assure Security Conversion Utility™ (SCU) and the Security Merge Utility™ (SMU), KRI has converted 30+ organizations to RACF over the past 20 years.
  • Using the z/Assure Security Conversion Utility for DB2 (SCU4DB2)™, KRI has converted five organizations from native DB2 security to RACF over the past 10 years. In total we have converted over 100 DB2 databases.
  • Using the z/Assure Security Merge Utility, KRI has helped organizations restructure and/or merge security databases into newly generated security databases.