Security best practices for z/OS virtual server instances

To secure your z/OS virtual server instance and identify any security vulnerabilities, you must refer to the following security information and industry standard security reports.

Products and services in the z/OS stock images are periodically reviewed and updated. IBM continues to follow the standard security guidance and provides differentiating technologies in security and data privacy, focusing on but not limited to the following areas:

• Security patch management
• Firmware currency
• Setup of suggested products and services
• Configuration of hardware and software (operating systems, middleware, third-party applications, open source, and network cards)
• Integration and monitoring of software, hardware, and end-points
• Cybersecurity:
  • Least access privilege
  • Separation of duties
  • Defense-in-depth
  • Authentication strength
  • End-to-end encryption

Make sure that you follow the security best practices for your z/OS virtual server instance:

• If you want to apply the latest service for your instance, you can wait until the next month’s stock image to create a new instance.

• Ensure that you follow the password policy, see Configuring the password.

• For more information, see the following references:

  • What is zero trust?

  • NIST Special Publication Security & Privacy Controls for Information Systems & Organizations

  • IBM X-Force Threat Intelligence Report

  • IBM on Enterprise Security

  • PCI DSS v4.0

  • CIS Benchmarks for IBM z Systems