icon_CloudMgmt icon_DollarSign icon_Globe icon_ITAuto icon_ITOps icon_ITSMgmt icon_Mainframe icon_MyIT icon_Ribbon icon_Star icon_User icon_Users icon_VideoPlay icon_Workload icon_caution icon_close s-chevronLeft s-chevronRight s-chevronThinRight s-chevronThinRight s-chevronThinLeft s-chevronThinLeft s-trophy s-chevronDown
BMC

Mainframe Security Assessment: Sub System IBM IMS™

8 CREDITS

This Service identifies current risks and issues associated with a single IBM IMS™* database instance. It includes review of the overall security controls, site-specific sub system, and system configurations.

What you get:

BMC will perform the following for one IMS database instance:

  • Conduct interviews with key Customer staff including:
    • Security engineering
    • Security administration
    • Systems programming team
    • Customer technical management
  • Conduct assessment of IMS covering:
    • Review of security controls in ESM including the defined resources and profiles as well as the access granted
    • Review of security related configuration settings including definitions contained within the sequential, PDS datasets, or instream
  • Analyze data to identify vulnerabilities
  • Create draft Security Assessment Report
  • Create the Remediation Effort Indicator document detailing issues and risks identified during the security assessment.
  • Finalize Security Assessment Report
  • Provide encrypted deliverables to Customer

Customer will be responsible for:

  • Providing access to key Customer staff for interviews
  • Providing remote access to the customer mainframe via Virtual Private Network (VPN) or Virtual Desktop Interface (VDI)
  • Reviewing the draft deliverables
  • Providing feedback within a timely manner 

Deliverables: Using BMC’s standard methodology and templates, the following Deliverables are in scope for this project and will be delivered:

  • Security Assessment Report
  • Remediation Effort Indicators

Completion Criteria: BMC will have completed these Consulting Services when the in-scope Consulting Services have been completed and the Deliverables have been delivered to the Customer Project Manager.

Pre-requisites:

Prior to the redemption of this service, Customer must provide advanced notification of internal security processes that require BMC to enter into any special terms and conditions before gaining access to Customer’s infrastructure.

  • Customer will provide hands-on-keyboard access to the mainframe for BMC consultants.
  • Customer will provide BMC with the privileged accounts defined to the ESM, with the appropriate attributes as per the below:
    • If RACF®
      •  ROAUDIT
      • Access to a recent IRRDBU00 file
    • If ACF2
      • Ability to LIST all Logonids
      • Ability to list all resource and access rules.
    • If Top Secret
      • Ability to list all TSS User ACIDS and profiles
      • Ability to issues the WHOHAS and WHOOWNS TSS commands
      • Ability to create a TSS CFILE
  • Customer will provide BMC with “READ” access to all the system level datasets such as:
    • IPLPARM
    • PROCLIB
    • PARMLIB
    • Usermods
    • SMP/e CSI Datasets
    • Any other systems that BMC may reasonably require
  • Customer will provide BMC with access to:
    • Issue MVS and JES2/3 display commands
    • Browse the IMS regions via SDSF
    • Browse the PROCLIB dataset in the IMS control region
    • TSOAUTH class CONSOLE resource

Additional information:

  • Estimated Duration: 2-3 weeks
  • In-scope Product: BMC AMI Security
  • Service Type: Advisory & Planning
  • Availability: Active
  • Success Service Code: BMSS_SECI_001
  • Date Last Updated: 05/02/2022
*Definitions

IMS, RACF, and IBM are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both.

Getting started is easy

Service Highlights..