Home

Z software

Z security

zSecure

Manager for RACF z/VM

 IBM zSecure Manager for RACF z/VM
Enhance RACF network security management in a complex virtual machine environment
a black background with little blue circles
Add VM network security management horsepower now

IBM z/VM is a highly secure and scalable virtualization technology for cloud infrastructure and for running critical applications. It supports Linux, z/OS, z/VSE, and z/TPF operating systems on IBM Z and LinuxONE servers and can host thousands of virtual servers on a single system. zSecure Manager for RACF z/VM simplifies the complex security administration and IT compliance issues inherent in a virtual machine environment.

With zSecure Manager for RACF z/VM you can execute queries in seconds and implement mass changes with little administrative overhead. You can identify RACF problems on the z/VM operating system, such as missing or inconsistent definitions, enabling you to fix or prevent mistakes before they become a threat to security and compliance. You can copy or move users, groups, resources, applications, or whole databases, and rename IDs within the same database. Produce reports in email format daily, on a custom schedule. Plus, IBM zSecure Manager for RACF z/VM offers an extended framework to support automation and compliance verification.
Get the X-Force Threat Intelligence Index 2024

In 2023, organizations saw a 71% spike in cyberattacks caused by exploiting identities. Check out the new report to learn how to best safeguard identities.
Benefits Automate routine tasks

Simplify complex security administration tasks using one-step actions that can be performed without extensive RACF knowledge.

 Minimize threats to your mainframe

View vital z/VM information and swiftly identify and fix problems that might require further investigation. Rank issues by audit priority with a number indicating the relative impact of a problem.

 Have a single source of truth

Merge security rules from different databases: copy or move users, groups, resources, applications, or whole databases. Rename IDs within the same database.

 Verify security effectiveness

Perform—when merging—extensive consistency checks and report potential conflicts before generating commands. Create a comprehensive audit trail without substantial manual effort.
Features Simplify security administration through automation

Execute queries in seconds and implement mass changes with less administrative overhead.

 Analyze RACF profiles to get fast answers

Read and update the RACF database directly from an OS-formatted disk or a copied or unloaded RACF database. Answer questions such as: “Who has access to this file?” and “Which system special users have not changed their passwords?” Analyze System Management Facility (SMF) information from the live SMF data or from archived SMF data. View information using live data interactively almost immediately after an event has occurred.

 Lower breach risks with automated analysis and reporting

Identify RACF problems on the z/VM operating system, such as missing or inconsistent definitions, enabling you to fix or prevent mistakes before they become a threat to security and compliance. Monitor privileged users to help ensure that old accounts are properly deleted and that products have been well integrated, helping to avoid vulnerabilities that can be exploited by other users.

 Customize reports to meet your specific needs

A short list of report capabilities include: generating reports in XML format, importing report data into databases and reporting tools, viewing data with Microsoft Internet Explorer or Microsoft Excel, allowing managers to view, sort and annotate audit reports and producing reports centrally for automatic distribution to decentralized groups.

 Merge security rules from different databases

Copy or move users, groups, resources, applications, or whole databases, and rename IDs within the same database. Produce reports in email format daily, on a custom schedule, only when specific events occur, or when there is a security breach. Modify displays and reports using CARLa Auditing and Reporting Language (CARLa).

 Support external files of existing data

Filter external supplementary information from existing data sources and corporate applications (such as unit, department, and personnel data) and present it alongside the technical data from z/VM and IBM RACF in automatically generated reports.
I recently said to my manager, if you have to cut down costs, you can take away any tool from me, but please leave me zSecure suite. Marcel Schmidt Assistant VP, z/OS Expert Mainframe Engineering Swiss Re
Technical details Technical specifications

IBM zSecure V2.2.1 also updates currency with products, applications, and standards to include:

  • CA ACF2 and CA Top Secret
  • IBM MQ
  • IBM Integrated Cryptographic Service Facility (ICSF)
  • Windows server
  • Payment Card Industry-Data Security Standard (PCI-DSS)
  • Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs)
 Software requirements

Requirements: A supported IBM z Systems server that is capable of supporting z/OS V2.1, or later.

  • IBM z/OS V1R12
  • IBM z/OS V1R13
  • IBM z/OS V2R1
 Hardware requirements

A supported IBM z Systems server that is capable of supporting z/OS V2.1, or later.
zSecure Value Assessments

The value assessments help ensure ROI for your IBM Security investments

 

As your mainframe security needs evolve, going through one of the IBM Z Mainframe Value-Assessments can help ensure you are realizing as much value as possible from your investment in your IBM zSecure solutions.

In this three-hour (remote or on-site) engagement, our team will review your existing utilization of zSecure. Assessments are delivered by our top zSecure technical specialists and practitioners who work side-by-side your security team, at no cost to you.

For participating, you will receive a report explaining how to optimize your overall security posture by:

  1. Outlining our recommended mainframe security end state, including any developments or changes in strategy or environment since implementation.
  2. Providing actionable, prioritized recommendations to move from current to desired state.
  3. Updating your team on the evolving solution set
  4. Showing you how IBM zSecure can continue being enablers for your business in the future.

(NOTE: final reports are usually delivered within a week from the end of the assessment.)
Resources IBM Z Security Workshops: Basic and Advanced

Provide basic and advanced level evaluations to help ensure your mainframe security framework is best practice for your organization and industry.

 View workshops Marilyn’s Mainframe Security Blog

Z People sharing their personal, professional, and technical stories with Marilyn Thornton, our favorite BU executive for Z Mainframe Security.

 Read blogs Documentation: IBM zSecure Manager for RACF z/VM

Versions 1.11.1 and 1.11.2

 Read the documentation IBM Security zSecure suite

An interactive guide to IBM® solutions for managing and maintaining security on the mainframe.

 Read the white paper Your biggest vulnerability: The privileged user

Reduce the risk that comes from privileged user error or malicious external impersonation on mainframes.

 Read the white paper
Related products and services IBM Z Enterprise Security

Protect your business data against cyber threats — inside your data center and throughout your hybrid cloud.

 IBM zSecure Suite

Improve mainframe security, administrative efficiency, and compliance with IBM zSecure products.

 BM zSecure CICS Toolkit

Harness free RACF resources from routine administrative tasks through a CICS interface.
Expert resources to help you succeed
Community

Get technical tips and insights from others who use IBM zSecure Manager for RACF z/VM.

 Explore Product documentation

Find answers quickly in IBM product documentation.

Explore