Aligning security with business processes

It’s essential that businesses ensure all IT systems, including the mainframe, are following the basic data protection and security standards required by industry and federal regulations. But assessing security configurations against policy is a resource-intensive process – until now.

Key Resources provides expert mainframe compliance risk assessment backed by a proven and tested methodology for evaluating CA ACF2®, CA Top Secret® or RACF® environments against current security standards and internal security policies.

  • Compliance Analysis Light (CAL)
  • Compliance Analysis & Management (CAM)
  • Compliance Management – Expert (CAM-Ex)

We use z/Assure® Compliance Assessment Manager (CAM), our automated compliance assessment solution, to help organizations ensure compliance with regulations like DISA STIGs, PCI DSS and HIPAA.

Our proven process delivers accurate results and lower costs

Our compliance assessment begins with staff interviews and an evaluation of your current operational environment against your security policy. We use z/Assure® CAM to conduct an in-depth review of your current security and mainframe z/OS® implementation.

We’ve designed z/Assure® CAM to not only baseline against your security policy, but also review current z/OS security configurations against the current DISA STIG standards. Our detailed reporting dramatically reduces the time it takes to verify compliance against 300+ mainframe configuration controls.

Our assessment will answer questions like:

  • Are security parameters in sync with the corporate security policy?
  • Do users have the appropriate access?
  • Is audit logging appropriate for the level of access given to privileged authorities?

A full assessment will include the following, and more:

  • Security Policy Review
  • System Entry Controls
  • General Access Controls and Privileged Authorities
  • CICS Configuration and Access Controls
  • DB2 Configuration and Access Controls
  • Implementation Parameter Settings
  • Logging and Monitoring Procedures
  • Operating System Control Parameters
  • System Access Parameters
  • Excessive Access Checking
  • Separation of Authority
  • Security Database Configurations
  • General Resource Protection

NIST Security and Privacy Controls for Information Systems and Organizations

The National Institute of Standards and Technology’s (NIST) updated guidelines address regulations, like GDPR, CCPA and PCI DSS, that require routine vulnerability scanning for IT systems, including the mainframe.

DISA STIGs

The Department of Defense’s (DoD) Defense Information Systems Agency (DISA) provides the Security Technical Implementation Guide (STIG) for IT security professionals who work within the DoD. The DISA STIGs issue mandates around mainframe vulnerability scanning and software updates.

New York State Financial Service Regulations

The State of New York has mandated strict cybersecurity regulations that impact financial services doing business both within the city and beyond its borders. Covered entities are required to conduct annual penetration testing and bi-annual vulnerability assessments to identify publicly known cybersecurity vulnerabilities.

HIPAA Compliance on the Mainframe

The Health Insurance Portability and Accountability Act (HIPAA) is the top data privacy and security standard for healthcare. Healthcare organizations that rely on the mainframe must continuously monitor active HIPAA policies to prevent, detect, contain and correct security violations.

PCI DSS Compliance on the Mainframe

The Payment Card Industry’s (PCI) Data Security Standards (DSS) were developed to create controls for merchants that store, process or transmit cardholder data on any platform. Given that 87 percent of the world’s credit card transactions are processed on the mainframe, it’s crucial that merchants evaluate these systems for PCI DSS compliance.

Discover z/Assure® Compliance Assessment Manager™ (CAM)

Federal and industry regulations require businesses to stay on top of risk monitoring and mainframe compliance.

z/Assure CAM, our automated compliance assessment solution, helps protect sensitive data by enabling organizations to enforce security policy across critical mainframe and Enterprise Security Management systems.

CAM provides security and operations teams with a continuous method for identifying and alerting on instances in which critical operating system configuration parameters and ESM security settings drift from policy. The solution is security policy-driven while allowing you to benchmark your security settings against the current DoD DISA STIG & NIST standards.