We know the z/OS Security Business

KRI is an experienced and versatile provider of information security services. We have a high level of expertise in consulting with clients on how to apply and implement security standards and best practices, as well as in evaluating IT operations and systems.

The benefit to KRI clients is maximized by the profound technical knowledge and long-standing IT security background of our consultants. We provide a knowledge-based, in-depth approach to security in customer environments, rather than using the standard practice of high-level checklists.

Information security consulting and evaluation is a high-integrity business and very much requires a matter of trust. All of our employees are committed to sustaining the highest degree of integrity in our client relationships. We are also devoted to delivering the highest quality project results in a timely and cost efficient manner.

Our mission is to guarantee a return on our clients’ security investments by minimizing their exposure to data and integrity security risks.

As a global leader in the mainframe security industry, KRI appreciates the complexities of the information security business and we bring this knowledge, our multinational influence, as well as our global reach to the table when working with our clients, allowing us to protect, detect, and respond to our clients’ security needs on a 24/7-hour basis. We are widely known for our vulnerability detection technology – both configuration and code based and this sets us apart from the competition.

We are an employee-owned company and this allows us to stay true to our open-minded, responsive and energetic culture, as well as our values of confidentiality, professionalism, accountability, and integrity. Our team of consultants is highly experienced with profound mainframe security software development experience and a long-standing IT security background. They also possess a high level of expertise in consulting with clients on how to apply and implement the many and varies security standards and best practices, as well as in evaluating IT operations and systems.

Our History

KRI was founded in 1988 on the principles of Integrity, Accountability, and Communication. We began by providing mainframe security consulting services to Fortune 500 institutions focusing on mainframe security configuration and compliance audits. In 1998 we began doing ESM migrations, focused on RACF and CA ACF2, using a set of in-house written software tools to provide seamless migrations from one ESM to another, merging security databases, and migrating native DB2 security to RACF.

In 2007 KRI began providing comprehensive z/OS environment code-based and configuration-based vulnerability assessments. The z/Assure® Vulnerability Analysis Program™ (VAP) software product was launched in 2009 and the z/Assure Compliance Assessment Manager™ (CAM) product was launched in 2014.

Services We Provide

Interactive Code Scanning using z/Assure Vulnerability Analysis Program (VAP):

  • Operating System Integrity Testing (OSIT) of the operating system, third-party software, and homegrown software and exits.
  • Classifying the source and types of z/OS code vulnerabilities found (including CVSS scoring).
  • Detailed reporting which pinpoints the exact location of the identified code vulnerability.
  • Ensuring that all code residing within the OS layer meets IBM standards for System Integrity.

Compliance Audits using z/Assure Compliance Assessment Manager (CAM):

  • KRI provides traditional information security audits, PCI compliance and DISA STIG audits, and a range of special purpose configuration-based vulnerability assessment audits for defined projects and engagements.

Enterprise Security Product Migration Services:

  • Using a combination of two tools, the z/Assure Security Conversion Utility™ (SCU) and the Security Merge Utility™ (SMU), KRI has converted 30+ organizations to RACF over the past 20 years.
  • Using the z/Assure Security Conversion Utility for DB2 (SCU4DB2)™, KRI has converted five organizations from native DB2 security to RACF over the past 10 years. In total we have converted over 100 DB2 databases.
  • Using the z/Assure Security Merge Utility, KRI has helped organizations restructure and/or merge security databases into newly generated security databases.