Search Rocket site

Here’s What You Need to Know About Mainframe Security Package Conversions

Heidi Losee

February 22, 2019

Enterprises need a strong security foundation, especially when it comes to protecting their mission-critical mainframes. Mainframers rely on Enterprise Security Managers (ESMs) – choosing among the three options, CA ACF2®, CA Top Secret®, or RACF® – to manage the security of their environment.

From time to time, enterprises check in on their ESM to make sure they’re working with the package that’s best suited to their needs. Anything from shifting priorities to changes in the ESM market can mean that it’s time to convert to a different package.

But, any organization that's been through it can tell you that transitioning between two ESMs isn’t a well-defined and straightforward process. Traditionally, the conversion has been done manually, giving it a reputation of being labor-intensive and time-consuming.

Doing things manually presents a number of challenges, starting with the difficulty of simply maintaining a high level of data quality and security throughout the conversion. It’s also important to remember that the more unnecessary time your mainframe security and operations team spends on manually configuring your ESM, the less time they can devote to projects that add value to your business.

Here at Rocket, we created a tool that addresses these migration issues – and others – using automation. That tool, z/Assure® Security Conversion Utility™ (SCU), simplifies ESM conversions by automatically performing database cleanup, increasing data accuracy, propagating existing passwords to the new security package and generating informative conversion reports.

Today, Rocket is announcing a slate of new enhancements to z/Assure SCU that build on the tool’s past success and expand its capabilities. If you’re curious about the technical details behind the updates, I’d encourage you to check out the press release for the full story.

Here are a few quick highlights, though. In the updated version, we’re excited to include two-way encryption during password propagation, which helps keep security standards high when organizations are transferring passwords between ESMs. We’ve also expanded our conversion capabilities to go beyond ESMs and include converting internal Db2 security databases to RACF, and we added flexible management capabilities that empower organizations to convert at their own pace.

These enhancements streamline and secure the conversion process, helping to ensure seamless migration between ESMs and other databases.

If you have any questions about how you can use z/Assure SCU to convert to a new mainframe security package, don’t hesitate to reach out – we’d love to hear from you.

Related posts


The Importance of PCI DSS Vulnerability Management for z/OS

Separation of Duties is a Critical Part of your Modern Mainframe Security Strategy

Why You Need a Mainframe Security Architect