Deliver Your News to the World

CA Introduces New Solution to Simplify and Automate Essential Mainframe Security Operations


CA Compliance Manager for z/OS Consolidates Real-Time and Historical Monitoring of Management Events to Safeguard IT Environments and Help Eliminate Manual Workloads

ISLANDIA, N.Y. – CA, Inc. (NASDAQ: CA) today announced CA Compliance Manager for z/OS, the first platform-resident solution to provide real-time automated policy management of security and compliance events across the IBM z/OS® environment and mainframe security subsystems—including CA ACF2™, CA Top Secret® and IBM RACF®.

Until now, IT organizations have primarily verified compliance with operational policies by manually checking historical data against their current security implementation—a time-consuming and costly approach that exposes IT organizations to increasing risk as regulatory pressures continue to escalate.

CA Compliance Manager for z/OS addresses this problem through automated monitoring, real-time alerting, and historical reporting. Its automated intelligence is especially important as mainframe environments are made increasingly complex by growing workloads—and as mainframe management tasks are passed on to a new generation of IT professionals with less experience on the z/OS platform.

“Increasing mainframe workloads—combined with a constrained supply of skilled staff—can result in unacceptable risk on the mainframe, which has traditionally been the least vulnerable platform in the enterprise,” said David Hodgson, senior vice president in CA’s Mainframe Business Unit. “CA Compliance Manager for z/OS offers IT organizations a simple and practical means of addressing these vulnerabilities, while reducing the ownership costs that result from labor-intensive manual mainframe auditing processes.”

Fulfilling Regulatory and Audit Requirements

With so many other priorities competing for limited IT time and budget, many organizations are failing to perform sufficiently thorough security reviews of system and OS management activities. According to a PricewaterhouseCoopers’ survey, 73% of respondents believe users are compliant with internal policies—even though less than half actually monitor policy compliance.*

By providing granular, consolidated reporting on policy-related mainframe events, CA Compliance Manager helps IT organizations quickly and easily perform this monitoring and document their compliance to better address regulatory mandates.

“Compliance isn’t about just doing the right thing. It’s about being able to document the fact that you’re doing the right thing—and being able to credibly demonstrate that you can respond quickly and decisively if for any reason someone does the wrong thing,” said Nigel Stanley, practice leader, security, Bloor Research. “By making it easier to fulfill these compliance requirements, CA is helping its customers satisfy regulators, save money, and protect themselves against internal security threats.”

CA Compliance Manager for z/OS leverages CA’s 30+ years of experience and industry leadership in securing IBM’s mainframe platforms. In accordance with CA’s Mainframe 2.0 initiative, CA Compliance Manager for z/OS works with CA Mainframe Software Manager to simplify installation and maintenance.

Detects and Records Changes that Impact Security Policy

CA Compliance Manager detects and records changes that impact security policy—including modifications to CA ACF2, CA Top Secret, and IBM RACF configurations, operating system security configurations, and selected PDS/PDSE data sets. These changes are automatically validated against customer-defined security policies, so that IT organizations can readily discover and act on even the most subtle policy violations.

For example, based on policy definitions, CA Compliance Manager for z/OS can detect if a staff member modifies system components or settings outside of normal procedural guidelines, such as bypassing security mechanisms or change management approval processes—automatically triggering notifications of events that would otherwise go undetected or only be discovered long after the fact.

The entire audit trail generated by CA Compliance Manager for z/OS is retained on the mainframe, enabling mainframe staff to retain control of compliance data and to enhance the scalability of their compliance database.

“CA Compliance Manager solves a number of compliance requirements with its real time alerts and drill-down capabilities not available in the security product itself,” said Patricia Diya, compliance manager for Acxiom® Corporation, a leading provider of IT services including remote infrastructure management and mainframe hosting. “It reduces or completely eliminates significant manual effort to answer questions about who made a change to a file, when it happened, what changed, and the like. Its straight-forward installation and intuitive GUI interface makes it relatively easy to get it up and running quickly.”

New Releases of CA Top Secret and CA ACF2

CA also announced new versions of CA ACF2 and CA Top Secret, which work with CA Compliance Manager to provide a single view of compliance for the mainframe. Enhancements in r14 of both products include exploitation of z/OS 1.10 features, role-based administrative grouping, data classification, resource ownership, and enhanced digital certificate management services using the Distributed Security Integration (DSI) Server.

CA ACF2 and CA Top Secret also are designed to enable organizations to run compliance reporting without impacting the performance of their security environments by transferring security file contents to a mainframe relational database, which can then run both out-of-the-box and ad hoc compliance reports.


This news content was configured by WebWire editorial staff. Linking is permitted.

News Release Distribution and Press Release Distribution Services Provided by WebWire.