Large organizations will be familiar with the importance of complying with regulations such as FISMA, GLBA, HIPAA, PCI DSS, SOX, and GDPR. Let’s look at what they cover:
FISMA
The Federal Information Security Management Act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. Agency program officials, chief information officers, and inspectors general (IGs) must conduct annual reviews of the agency’s information security program and report the results to Office of Management and Budget (OMB).
FISMA defines a framework for managing information security that must be followed for all information systems used or operated by a US federal government agency in the executive or legislative branches, or by a contractor or other organization on behalf of a federal agency in those branches. Continuous monitoring activities include configuration management and control of information system components, security impact analyses of changes to the system, ongoing assessment of security controls, and status reporting. The organization establishes the selection criteria and subsequently selects a subset of the security controls employed within the information system for assessment. The organization also establishes the schedule for control monitoring to ensure adequate coverage is achieved. This is where VitalSigns SIEM Agent for z/OS is so important. It takes messages and events from the z/OS mainframe and passes them to a central enterprise SIEM (Security Information and Event Management), where administrators can monitor specific information to ensure the necessary levels of security of their information and information systems.
GLBA
The Gramm–Leach–Bliley Act (also known as the Financial Services Modernization Act) allowed banks, securities companies, and insurance companies to act as investment banks, commercial banks, and insurance companies. The Financial Privacy Rule governs the collection and disclosure of customers’ personal financial information by financial institutions. It also applies to companies receiving this information. The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. Companies need a way to prove that they are compliant and VitalSigns SIEM Agent for z/OS can do that by collecting mainframe events and messages and storing them in a central SIEM. Here, up-to-date information can be used to immediately flag any issues with customer data collection and disclosure.
HIPAA
The Health Insurance Portability and Accountability Act consists of five Titles:
- Title I protects health insurance coverage for workers and their families when they change or lose their jobs.
- Title II of HIPAA requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
- Title III sets guidelines for pre-tax medical spending accounts.
- Title IV sets guidelines for group health plans.
- Title V governs company-owned life insurance policies.
There are financial penalties for violating HIPAA rules. Again, VitalSigns SIEM Agent for z/OS can help organizations to remain compliant by passing messages and events in real time from mainframe systems and subsystems to a central SIEM. It’s here that administrators can define the specific parameters they need to comply with the five Titles and monitor mainframe events in depth.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations that handle credit cards. The thinking behind it was to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process, and transmit cardholder data. The PCI DSS specifies twelve requirements for compliance, which are organized into six logically related groups or ‘control objectives’. VSA (VitalSigns SIEM Agent) intercepts messages and events from z/OS and forwards them immediately to the central enterprise SIEM, where administrators can define specific parameters to monitor events in depth and ensure their merchants remain compliant with the standard.
SOX
The Sarbanes–Oxley Act came about following major corporate and accounting scandals. Top management must individually certify the accuracy of financial information, and penalties for fraudulent financial activity are severe. Again, the Act highlights the importance of information being available, and VitalSigns SIEM Agent for z/OS can make that information available to trusted individuals and board members. Messages from mainframe applications and log files are passed to the central enterprise SIEM. It’s here that administrators can drill down into the data collected to ensure the right information is available to all board members.
GDPR
The General Data Protection Regulation went into effect on May 25, 2018. It’s intended to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Importantly, it applies to all non-EU companies processing data of EU residents. Not surprisingly, VitalSigns SIEM Agent for z/OS can help organizations to be compliant with this new EU regulation. By taking messages from z/OS logs and subsystems such as RACF, ACF2, Top Secret, DB2, CICS, FTP, etc., and passing them to the central enterprise SIEM, it allows administrators to monitor in depth what’s happening on those systems and speedily identify any issues with individuals’ personal data.
Data Breach
VitalSigns SIEM Agent for z/OS can ensure organizations remain compliant with these and other regulations. The alternative is for an organization to experience some kind of data breach. IBM suggests that there is a greater than 1 in 4 chance that an organization will experience a material data breach in the next two years. What sorts of data breaches are organizations facing? Just under half of those data breaches will come from malicious attacks, of which 60% will be insiders who probably have privileged access. The average cost of a data breach is a staggering $4 million, with lost business accounting for 40% of that figure.
The consequences of a data breach fall into five categories:
- Regulatory – an organization may be compelled by law or corporate governance to take actions, including remediation, paying fines, and discontinuing services.
- Legal – a variety of parties (including government prosecutors or agencies, shareholders, and affected individuals) may seek criminal or civil action.
- Remediation – an organization may be compelled to take corrective actions including fixing the breach vulnerability, notifying and supporting affected individuals or organizations, and mounting a public relations campaign.
- Lost business – because of the breach or the resulting publicity, both affected and unaffected customers may end their relationships, and the organization may find it more difficult to acquire new customers.
- Reputation – loss of reputation may subsequently lead to a reduction in pricing power, diminished marketing effectiveness, and other competitive disadvantages.
These are all things that VitalSigns SIEM Agent for z/OS can help organizations to avoid.