Getting started with IBM Z Security and Compliance Center

Topics in this part describe the IBM Z® Security and Compliance Center dashboard functions that systems programmers, security administrators, and systems administrators use for daily operations. Common tasks include viewing and analyzing compliance data from participating components and modifying resources and operations.

As the administrator, you are responsible for managing IBM Z Security and Compliance Center after it is installed. Common tasks include authorizing other users, operating the console, and applying periodic updates to the solution software.

When you work with the IBM Z Security and Compliance Center, you interact with several interrelated components, including profiles, goals, and scopes.

Figure 1. IBM Z Security and Compliance Center
This image capture shows the processing flow for the IBM Z Security and Compliance Center.

As shown in Figure 1, you can create profiles, associate them with goals, and enforce them across scopes that you specify to continuously validate your resources for compliance.

As the administrator, you start by creating the collector. Only one collector can be created. Then, you select pre-defined profiles or create custom profiles and associate them with scopes. The scopes designate specific areas of your business for validation against specific regulations or requirements.

With everything configured, the IBM Z Security and Compliance Center works in the background to monitor for potential risk by scanning your resources on a schedule that you determine. When the scans of your resources are complete, the service displays your detailed results in a dashboard. From the dashboard, you can download a detailed report that you can use to provide compliance data to stakeholders or external auditors.

Figure 2. IBM Z Security and Compliance Center
This image capture shows the mapping of goals to controls to a profile in IBM Z Security and Compliance Center.

Note: Running a scan against a specific profile does not ensure regulatory compliance. The scan is intended to provide a point-in-time snapshot of your current compliance posture for a specific group of resources. As such, the scan might provide only a subset of the validations that might be required to demonstrate full compliance for a particular regulation.

Summary of the setup steps

From the IBM Z Security and Compliance Center dashboard, the steps for getting started are summarized as follows:
  1. Log in to the IBM Z Security and Compliance Center.
  2. From the Settings page:
    1. Create the collector.
    2. Create a credential.
    3. Add the IBM Z connection from IBM Z settings.
  3. From the Scopes page:
    1. Create a scope.
  4. Map the credentials to the scopes you defined.

These actions are described in more detail in this chapter.

For typical use case scenarios, see the IBM Redbook Keeping Up With Security and Compliance on IBM zSystems.