An automated compliance assessment tool that helps enterprises enforce IT security policy

How do you stay on top of the latest security best practices and published industry standards? Key Resources created z/Assure® Compliance Assessment Manager (CAM) to help IT risk officers and compliance managers develop a strong mainframe compliance program that includes security policy baselining and risk-based monitoring of critical z/OS security and configuration parameters.

z/Assure® CAM: A step by step guide to compliance

z/Assure® Compliance Assessment Manager (CAM) is an automated compliance assessment solution. z/Assure® CAM provides security and operations teams with a continuous method for identifying and alerting on instances in which critical operating system configuration parameters and ESM security settings drift from policy. The solution is security policy driven, while allowing you to benchmark your security settings against the current NIST and DISA STIG standards.

  1. Your first step is to input your company's security policy parameters into z/Assure® CAM. This machine-readable version of your security policy will contain all of the information z/Assure® CAM needs to create a security baseline against current compliance standards.
  2. We will then extract your current production security and operating system parameter settings into z/Assure® CAM.
  3. z/Assure® CAM can then provide an ongoing review using the security policy baseline and OS parameter extract baseline.
  4. Remediation can then be conducted to resolve vulnerabilities.
  5. Your system will be monitored to ensure all remedies were a success and that no new vulnerabilities arose due to these alterations.

Run your own compliance risk assessments, or turn to the pros

Key Resources provides expert mainframe compliance risk assessment backed by a proven and tested methodology for evaluating CA ACF2®, CA Top Secret® or RACF® environments against current security standards and internal security policies. Our proven process delivers accurate results at lower costs.

We offer three levels of consultation:

  • Compliance Analysis Light (CAL)
  • Compliance Analysis & Management (CAM)
  • Compliance Management – Expert (CAM-Ex)

Frequently asked questions

z/Assure® CAM is an automated, configuration-based vulnerability assessment solution that assists organizations in passing a Security Readiness Review for a z/OS mainframe environment with RACF, CA Top Secret or CA ACF2 as the Enterprise Security Manager.

See below for common questions about z/Assure® CAM, and click to review our complete FAQ.

z/Assure® CAM benefits include:

  • Significantly reduces the time, effort, and personnel required to perform an audit or Security Readiness Review (SRR)
  • Provides a security policy that can be customized to your own regulatory and/or audit requirements
  • Reports compliance findings for remediation
  • Ease of installation and ease of use
  • Repeatability, providing consistent results

z/Assure® CAM uses a Machine-Readable Security Policy (MSRP) to compare expected results in the MSRP to the actual results on the system and reports on any differences found.

A Machine-Readable Security Policy is a file that is read by z/Assure® CAM. The Machine-Readable Security Policy is made up of one or more checklists. Each checklist is made up of one or more checks. A check is made up of one or more penetration tests and a penetration test is either a manual test, a settings test, or an excessive access check.

Initially, it is expected that z/Assure® CAM will be run ‘on-demand’ until compliance with the installation’s Machine-Readable Security Policy is achieved. Once compliance has been achieved, Key Resources recommends a daily execution interval.

z/Assure® CAM provides two types of reports, a Summary Report, and a Detailed Report.

The Summary Report has two versions, a Summary Statistics Report, and a Summary Detail Report. The Summary Statistics Report is a subset of the Summary Detailed Report and provides a pass/fail indication for each checklist that was executed. The Summary Detailed Report contains the information in the Summary Statistics Report and in addition provides a pass/fail indication for each check that was performed. The Summary Reports are most useful once compliance with the MSRP has been achieved to quickly determine if the system is still in compliance.

The Detail Report provides detailed information for any errors. Errors may include failing checks but may also include required MSRP customization that has yet to be completed. The description of the message provides information on what needs to be done to correct the error.
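The comparison of policy against system settings and the three report views described above can be sketched as follows. This is an added example, not Key Resources code or the z/Assure® CAM file format; the policy layout, setting names, values, and the rule that a checklist passes only when every check in it passes are assumptions.

```python
# Constructed policy and extract: structure, names and values are assumptions
# for illustration, not the z/Assure CAM file format.
POLICY = [
    {"checklist": "ESM settings", "checks": [
        {"check": "Password rules", "tests": [
            {"type": "settings", "key": "PASSWORD_MIN_LENGTH", "expected": 8},
            {"type": "settings", "key": "PASSWORD_HISTORY", "expected": 10}]},
        {"check": "Audit trail review", "tests": [
            {"type": "manual", "key": "AUDIT_REVIEW_SIGNOFF"}]}]},
    {"checklist": "Sensitive data sets", "checks": [
        {"check": "Parameter library update access", "tests": [
            {"type": "excessive_access", "key": "PARMLIB_UPDATE",
             "allowed": {"SYSPROG1", "SYSPROG2"}}]}]},
]
EXTRACT = {"PASSWORD_MIN_LENGTH": 8, "PASSWORD_HISTORY": 4,
           "PARMLIB_UPDATE": {"SYSPROG1", "SYSPROG2"}}

def run_test(test, extract):
    """Return None on pass, or a finding string describing the difference."""
    key, actual = test["key"], extract.get(test["key"])
    if test["type"] == "manual":
        # A manual test passes only when a reviewer result is recorded.
        return None if actual is True else f"{key}: manual result not recorded"
    if actual is None:
        return f"{key}: missing from extract"
    if test["type"] == "settings":
        exp = test["expected"]
        return None if actual == exp else f"{key}: expected {exp}, found {actual}"
    if test["type"] == "excessive_access":
        extra = sorted(set(actual) - test["allowed"])
        return f"{key}: unexpected access for {extra}" if extra else None
    return f"{key}: unknown test type {test['type']}"

def assess(policy, extract):
    """Build the three views: checklist pass/fail, check pass/fail, findings."""
    stats, detail, findings = {}, {}, []
    for cl in policy:
        for chk in cl["checks"]:
            found = [f for t in chk["tests"] if (f := run_test(t, extract))]
            detail[(cl["checklist"], chk["check"])] = not found
            findings += found
        stats[cl["checklist"]] = all(
            ok for (name, _), ok in detail.items() if name == cl["checklist"])
    return stats, detail, findings

if __name__ == "__main__":
    for view in assess(POLICY, EXTRACT):
        print(view)
```

Running the same function daily against a fresh extract shows drift as a change in the findings list, for example when an ID outside the allowed set gains update access.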

The following system requirements must be met to install and run z/Assure® CAM:

  • z/OS 2.1 and above
  • A SORT program must be available without requiring a STEPLIB DD statement and it must be named SORT
  • Library for REXX on zSeries (5695-014) or the REXX Alternate library support must be available
  • The Catalog search interface is used by z/Assure® CAM. All catalogs might be searched, therefore any issues with your catalog structure must be repaired prior to running z/Assure® CAM.

Request more information

Contact Key Resources today to try z/Assure® CAM or talk to a team member about our professional compliance risk assessments. We’ll share the knowledge and tools you need to keep your most important IT systems secure.