Mainframe Security Assessment: Sub System Network

What you get:

BMC will perform the following for a single mainframe network environment:

• Conduct interviews with key Customer staff including:
  • Security engineering
  • Security administration
  • Systems programming team
  • Customer technical management
• Conduct assessment of network covering:
  • Review of security controls in ESM including the defined resources and profiles as well as the access granted
  • Review of security related configuration settings including definitions contained within the sequential, PDS datasets, or instream
• Analyze data to identify vulnerabilities
• Create draft Security Assessment Report
• Create the Remediation Effort Indicator document detailing issues and risks identified during the security assessment
• Finalize Security Assessment Report
• Provide encrypted deliverables to Customer

Customer will be responsible for:

• Providing access to key Customer staff for interviews
• Providing remote access to the customer mainframe via Virtual Private Network (VPN) or Virtual Desktop Interface (VDI)
• Reviewing the draft deliverables
• Providing feedback within a timely manner

Deliverables: Using BMC’s standard methodology and templates, the following Deliverables are in scope for this project and will be delivered:

• Security Assessment Report
• Remediation Effort Indicators

Completion Criteria: BMC will have completed these Consulting Services when the in-scope Consulting Services have been completed and the Deliverables have been delivered to the Customer Project Manager.

Pre-requisites:

Prior to the redemption of this service, Customer must provide advanced notification of internal security processes that require BMC to enter into any special terms and conditions before gaining access to Customer’s infrastructure.

• Customer has obtained the appropriate rights and permissions of any third parties for Customer to provide information relating to such third parties’ hardware, software and solutions and allow BMC to carry out the Services on their hardware, software and solutions that are in scope.
• Customer will provide BMC with the privileged accounts defined to the ESM, with the appropriate attributes as per the below:
  • If RACF^®
    • ROAUDIT
    • Access to a recent IRRDBU00 file
  • If ACF2
    • Ability to LIST all Logonids
    • Ability to list all resource and access rules
  • If Top Secret
    • Ability to list all TSS User ACIDS and profiles
    • Ability to issues the WHOHAS and WHOOWNS TSS commands
    • Ability to create a TSS CFILE
• Customer will provide BMC with “READ” access to all the system level datasets such as:
  • IPLPARM
  • PROCLIB
  • PARMLIB
  • Usermods
  • SMP/e CSI Datasets
  • Any other systems that BMC may reasonably require
• Customer will provide BMC with access to:
  • Issue MVS and JES2/3 display commands
  • The NETSTAT command
  • The IPSEC command
  • TSOAUTH class CONSOLE resource

  Additional information:

  • Estimated Duration: 2-3 weeks
  • In-scope Product: BMC AMI Security
  • Service Type: Advisory & Planning
  • Availability: Active
  • Success Service Code: BMSS_SECN_001
  • Date Last Updated: 09/22/2023

Related Resources:

Additional BMC Services:

As part of your ongoing adoption and extension of BMC capabilities and solutions, the following services complement each other: 

• Mainframe Penetration Test
• Mainframe Security Assessment: ESM - (IBM^® RACF^®, ACF2, Top Secret)
• Mainframe Security Assessment: Sub System IBM^® Db2^®
• Mainframe Security Assessment: Sub System IBM IMS^™
• Mainframe Security Assessment: Sub System IBM^® CICS^®
• Mainframe Security Assessment: Sub System IBM^® MQ
• Mainframe Security Assessment: Sub System IBM^® z/OS^® UNIX^® System Services
• Mainframe Security Assessment: Sub System IBM^® WebSphere^® Application Server