IBM Course Code: TK272G
This course introduces the IBM Security zSecure Audit rule-based compliance evaluation framework.
The course discusses rule-based compliance evaluation concepts and includes an overview and demonstration of the supported compliance functions and reports. With the standard built-in compliance evaluation interface, you report the compliance of your systems against one or more of the supported external standards: STIG, GSD, or PCI-DSS.
The course teaches you how to customize the compliance evaluation for the supported standards to fit your company's requirements. Finally, you learn how to create a company-defined compliance standard.
Hands-on exercises are included to reinforce the skills that are taught in this course so that you can experiment with the rule-based compliance evaluation interface.
What You'll Learn
- Explain the concept of rule-based compliance evaluation with zSecure Audit.
- Run compliance evaluations against the supported standards: GSD, STIG, and PCI-DSS.
- Use the compliance evaluation results to make the changes required to comply with the applicable (external) standard.
- Customize compliance evaluation to fit with company security and audit policies.
- Build customized company-specific compliance standards, rules, and tests.
Who Needs to Attend
The target audience for this advanced level course is security administrators, auditors, and compliance officers.
You should have the following skills:
- Basic knowledge of and experience with z/OS and RACF
- Familiarity with the IBM Security zSecure Audit ISPF panel interface
- Knowledge of and experience with the CARLa programming language
There are no follow-ons for this course.
Unit 1: Rule-based compliance introduction and concepts
- Compliance evaluation framework
- Compliance evaluation input sources
Unit 2: Running compliance evaluations and interpreting the results
- Using the built-in compliance evaluation interface to check against an external standard
- Running compliance evaluations for multiple systems against multiple standards
Unit 3: Customizing compliance standards, rules, or tests
- Customizing the predefined rule sets, rules, and tests to fit the company policies
- Suppressing rules that do not apply to your company
- Building company-specific rule sets, rules, or tests
- Defining a company-specific compliance standard