1 day
Online Offline

DescriptionWhat we offer

This course introduces the IBM Security zSecure Audit rule-based compliance evaluation framework.

The course discusses rule-based compliance evaluation concepts and includes an overview and demonstration of the supported compliance functions and reports. With the standard built-in compliance evaluation interface, you report the compliance of your systems against one or more of the supported external standards: STIG, GSD, or PCI-DSS.

The course teaches you how to customize the compliance evaluation for the supported standards to fit your company's requirements. Finally, you learn how to create a company-defined compliance standard.

Hands-on exercises are included to enforce the skills that are taught in this course so that you can experiment with the rule-based compliance evaluation interface.

ObjectivesWhat you learn

  • Explain the concept of rule-based compliance evaluation with zSecure Audit.
  • Run compliance evaluations against the supported standards: GSD, STIG, and PCI-DSS.
  • Use the compliance evaluation results to apply the applicable changes to comply with the applicable (external) standard.
  • Customize compliance evaluation to fit with company security and audit policies.
  • Build customized company-specific compliance standards, rules, and tests.

TopicsThe best for you

Unit 1: Rule-based compliance introduction and concepts

  • Compliance evaluation framework
  • Compliance evaluation input sources

Unit 2: Running compliance evaluations and interpreting the results

  • Using the built-in compliance evaluation interface to check against an external standard
  • Running compliance evaluations for multiple systems against multiple standards

Unit 3: Customizing compliance standards, rules, or tests

  • Customizing the predefined rule sets, rules, and tests to fit the company policies
  • Suppressing rules that do not apply to your company
  • Building company-specific rule sets, rules, or tests
  • Defining a company-specific compliance standard

PrerequisitesWhat should you know

You should have the following skills:

  • Basic knowledge of and experience with z/OS and RACF
  • Familiarity with the IBM Security zSecure Audit ISPF panel interface
  • Knowledge of and experience with the CARLa programming language

AudienceWho should attend

The target audience for this advanced level course is security administrators, auditors, and compliance officers.