Mainframe Security Assessment: Sub System IBM® MQ
This Service identifies current risks and issues associated with a single IBM® MQ channel*. It includes review of the overall security controls, site-specific sub system, and system configurations.
What you get:
BMC will perform the following for one MQ channel:
- Conduct interviews with key Customer staff including:
- Security engineering
- Security administration
- Systems programming team
- Customer technical management
- Conduct assessment of MQ covering:
- Review of security controls in ESM* including the defined resources and profiles as well as the access granted
- Review of security related configuration settings including definitions contained within the sequential, PDS datasets, or instream
- Analyze data to identify vulnerabilities
- Create draft Security Assessment Report
- Create the Remediation Effort Indicator document detailing issues and risks identified during the security assessment.
- Finalize Security Assessment Report
- Provide encrypted deliverables to Customer
Customer will be responsible for:
- Providing access to key Customer staff for interviews
- Providing remote access to the customer mainframe via Virtual Private Network (VPN) or Virtual Desktop Interface (VDI)
- Reviewing the draft deliverables
- Providing feedback within a timely manner
Deliverables: Using BMC’s standard methodology and templates, the following Deliverables are in scope for this project and will be delivered:
- Security Assessment Report
- Remediation Effort Indicators
Completion Criteria: BMC will have completed these Consulting Services when the in-scope Consulting Services have been completed and the Deliverables have been delivered to the Customer Project Manager.
Prior to the redemption of this service, Customer must provide advanced notification of internal security processes that require BMC to enter into any special terms and conditions before gaining access to Customer’s infrastructure.
- Customer will provide hands-on-keyboard access to the mainframe for BMC consultants.
- Customer will provide BMC with the privileged accounts defined to the ESM, with the appropriate attributes as per the below:
- If RACF®*
- Access to a recent IRRDBU00 file
- If ACF2*
- Ability to LIST all Logonids
- Ability to list all resource and access rules.
- If Top Secret
- Ability to list all TSS* User ACIDS and profiles
- Ability to issues the WHOHAS and WHOOWNS TSS commands
- Ability to create a TSS CFILE
- If RACF®*
- Customer will provide BMC with “READ” access to all the system level datasets such as:
- SMP/e CSI Datasets
- Any other systems that BMC may reasonably require
- Customer will provide BMC with access to:
- Issue MVS and JES2/3 display commands
- Browse the MQ started tasks via SDSF
- Browse the MQ libraries
- Any MQ monitoring software installed
- TSOAUTH class CONSOLE resource
- Estimated Duration: 2-3 weeks
- In-scope Product: BMC AMI Security
- Service Type: Advisory & Planning
- Availability: Active
- Success Service Code: BMSS_SECM_001
- Date Last Updated: 05/02/2022
- ESM: Enterprise Security Management product
- RACF: IBM ESM product
- ACF2: CA Broadcom ESM product
- TSS (Top Secret): CA Broadcom ESM product
- IBM® MQ: IBM standard for program-to-program messaging across multiple platforms.
- IBM® MQ Channel: A single instance of IBM MQ
MQ, RACF, and IBM are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both.