Training offering

IBM Security zSecure Audit Rule-based Compliance Evaluation and Customization

Overview

This course introduces the zSecure Audit rule-based compliance evaluation framework. The course explains rule-based compliance evaluation concepts and includes an overview and demonstration of the supported compliance evaluation functions and reports. With the standard built-in compliance evaluation interface, you report the compliance of your systems against one or more of the supported external standards: STIG, STIGplus, GSD, or PCI-DSS. The course also teaches you how to customize compliance evaluations for the supported standards to fit your company's requirements. Finally, you learn how to create a company-defined compliance standard. Hands-on exercises are included to enforce the skills that are taught in this course so that you can experiment with the rule-based compliance evaluation interface.

Public

The target audience for this advanced-level course is security administrators, auditors, and compliance officers.

Prerequisits

Before taking this course, make sure that you have the following skills:

• Basic knowledge of and experience with z/OS and RACF
• Familiarity with the IBM Security zSecure Audit ISPF panel interface
• Knowledge of and experience with the CARLa programming language

Objective

• Explain the concept of rule-based compliance evaluation with zSecure Audit
• Run compliance evaluations against the supported standards GSD331, STIG, and PCI-DSS
• Use the compliance evaluation results to apply the applicable changes to comply with the applicable (external) standard
• Customize compliance evaluations to fit with company security and audit policies
• Build customized system-defined compliance standards, rule sets, rules, and tests

Topics

Unit 1: Rule-based compliance introduction and concepts
Unit 2: Running compliance evaluations and interpret results
Unit 3: Customizing compliance standards, rules, or tests