Mainframe Security PCI Compliance Assessment

The objective of this service offering is to provide InfoSec consulting assistance and expertise to assess current IBM mainframe security within CLIENT as controlled by the IBM RACF, CA Top Secret or CA ACF2 security system, with specific emphasis on PCI DSS (Payment Card Industry Data Security Standard) controls. The assessment is based on a competent and professional review, by a senior InfoSec security consultant, of the existing security architecture, operation, organization and security audit findings.

A formal document will be delivered describing the findings and recommendations resulting from this security assessment. The document will provide the following deliverables:

  • An executive summary containing a business level introduction followed by a summary of main findings and recommendations.
  • A comprehensive inventory of the current implementation. This is primarily a quantitative analysis that conveys primary security metrics such as User ID counts, logging rates, enforcement levels, numbers of privileged users, number of users with security-bypass authority, new password requirements, obsolete User ID counts, etc. As many of the available metrics as possible are researched, inventoried, and explained within the project timeframe. A systems overview is also included.
  • The findings and recommendations pertaining to approximately twelve primary areas of security concern. In each of these areas, four topics are documented: Justification for Review, Priority for Concern, Methodology and Approach, and Findings and Recommendation. The primary areas of study include:
    • Specific PCI-DSS Security Analysis
    • PCI-Specific Dataset Security
    • PCI-Specific Database Security
    • PCI-Specific Transaction Security
    • PCI-Specific Encryption Security
    • PCI-Specific Communication/Queue Security
    • Access Control (RBAC, excessive authority, segregation of duties)

A preliminary report will be delivered within ten (10) business days following the completion of onsite data gathering. The preliminary report will be reviewed in a meeting with CLIENT staff, after which any changes will be promptly incorporated and the final report delivered.

Let InfoSec and our highly skilled mainframe security consultants assist you in meeting your mainframe PCI compliance challenges.