CA announced CA Compliance Manager for z/OS, a platform-resident solution to provide real-time automated policy management of security and compliance events across the IBM z/OS environment and mainframe security subsystems-including CA ACF2, CA Top Secret and IBM RACF.
CA Compliance Manager detects and records changes that impact security policy-including modifications to CA ACF2, CA Top Secret, and IBM RACF configurations, operating system security configurations, and selected PDS/PDSE data sets. These changes are automatically validated against customer-defined security policies, so that IT organizations can readily discover and act on even the most subtle policy violations.
For example, based on policy definitions, CA Compliance Manager for z/OS can detect if a staff member modifies system components or settings outside of normal procedural guidelines, such as bypassing security mechanisms or change management approval processes-automatically triggering notifications of events that would otherwise go undetected or only be discovered long after the fact.
The entire audit trail generated by CA Compliance Manager for z/OS is retained on the mainframe, enabling mainframe staff to retain control of compliance data and to enhance the scalability of their compliance database.
CA also announced new versions of CA ACF2 and CA Top Secret, which work with CA Compliance Manager to provide a single view of compliance for the mainframe. Enhancements in r14 of both products include exploitation of z/OS 1.10 features, role-based administrative grouping, data classification, resource ownership, and enhanced digital certificate management services using the Distributed Security Integration (DSI) Server.
CA ACF2 and CA Top Secret also are designed to enable organizations to run compliance reporting without impacting the performance of their security environments by transferring security file contents to a mainframe relational database, which can then run both out-of-the-box and ad hoc compliance reports.