Search Rocket site

Rocket® Mainframe Compliance Assessment Services

Ensure mainframe security alignment with corporate policy. 

Does your mainframe suffer from excessive access? How do you know? Our compliance assessments help you prevent privileged access while ensuring that your security configuration parameters are in sync with your corporate security policy. We’ll set you up to identify exactly where your critical system configurations may be drifting in the future.

Download datasheet

"33% conduct compliance assessments for their mainframes every one-to-two years, while a more proactive 56% undertake them annually."

Stay ahead of compliance challenges. All of them.

Without systematic attention to compliance, mainframe organizations face undue risk. By taking a base-lining approach to security configurations, security and risk management teams can build a continuous process for identifying where critical system configurations drift from policy while ensuring appropriate access for optimal compliance.

Rocket® Mainframe Compliance Assessment Services deliver a proactive approach to assessing mainframe compliance. Our services are designed and delivered by mainframe security teams with decades of knowledge and experience in protecting z/OS® systems and the data that resides on these systems.

Go deep on your mainframe to ask and answer questions:

  • Are security parameters in sync with our corporate security policy?
  • Do users have the appropriate access for their job function?
  • How pervasive is excessive access?
  • Is our audit logging appropriate for the level of access given to privileged authorities?

A comprehensive compliance assessment starts with a detailed discussion/definition of your needs and objectives. Next, we do a hands-on evaluation of the confidentiality and integrity of all physical and logical systems. Finally, we do a baseline assessment of your current operational environment against your Security Policy. An in-depth review of your current security and mainframe z/OS implementation is achieved using the Compliance Assessment Tool.

A full assessment based on the DISA Stigs includes the following, and much more:
Operating System Control Parameters
System Access parameters
Separation of authority
Security database configurations
Implementation parameter settings
Number of users/groups/profiles/permissions
Role definitions
Users with the ability to bypass security
Password requirements

Powered by technology. Run by experts.

Assessments are empowered with Compliance Assessment Manager (CAM), our top-tier automated mainframe security configuration assessment and compliance toolset. With precise technology, consultants help you identify, analyze, and prepare to run proactive security and compliance scans optimized for your mainframe environment and based on best practices.

Our process covers you end to end:

  • Configuration review
  • Configuration scans
  • Detail reporting on policies, procedures and systems creating risk
  • Detail reporting on system level vulnerabilities and rankings utilizing the DoD standards
  • Guidance on how to mitigate vulnerabilities
  • Executive Report Card and Summary

Compliance assessment at work

We can assist your organization in passing a Security Readiness Review (SRR) for a z/OS mainframe environment with RACF®, CA Top Secret, or CA ACF2® as the Access Control Program (ACP) / Enterprise Security Manager (ESM). Passing an SRR brings mainframe system security into compliance with the security guidelines developed by the Defense Information Security Agency (DISA) for the Department of Defense (DoD), and PCI regulations.

Our engagements include:

  • Out-of-the-box compliance and best practices knowledge
  • Scheduling capabilities for optimal testing
  • &Customization/configuration to your internal security policies
  • Built-in exception management reporting
  • Support for major ESM software packages

A right-sized solution that’s ready when you are.

Proactive reviews and extensive reporting can help reduce the strain on IT resources, while ensuring that critical systems meet compliance standards.

Choose from three levels of consultation, to fit your business and your needs.

  • Compliance Analysis Light
  • Compliance Analysis & Management
  • Compliance Management