Even if you handle only one credit card for a customer all year, you must adhere to the standards of the Payment Card Industry Security Standards Council (PCI SSC). The PCI SSC dates back to the late 1990s when American Express, Discover Financial Services, JCB International, MasterCard, and Visa collaborated to put a dent in credit card fraud that was running rampant at the time. The result was a list of guidelines delivered in 2006 as the PCI Data Security Standard or PCI DSS.
Nearly 10 years later, the PCI DSS has progressed to version 3.1 and covers a multitude of best practices for merchants, payment gateways and banks for securing credit card data. The number of credit cards your business handles -- even if just one! -- does not matter. If your business takes one credit card number for a transaction and you are not in compliance with PCI DSS, fines to financial institutions can be hundreds of thousands of dollars per month.
PCI DSS does not have a set of guidelines for z/OS separate from the one it has for Windows/UNIX servers. PCI DSS just issues the guidelines, and it is up to the financial institutions and merchants to comply.
The latest version of PCI DSS, 3.1, Requirement 10, states you must "establish a process for linking all access to system components to each individual user," and "implement automated audit trails for all system components." These are conditions for managing malware intrusion, long considered not applicable to z/OS mainframes. But the standard does not say that it does not apply to z/OS; it merely attempts to design controls for managing system-wide data.
CorreLog provides a means to manage system file integrity, a critical component of malware detection, with the SIEM Agent for z/OS. File Integrity Monitoring (FIM) is handled by SIEM Agent in the following ways:
- SIEM Agent logs all database activity monitoring (DAM) and other security event messages for real-time inclusion into an enterprise SIEM system.
- SIEM Agent correlates z/OS messages with other enterprise security events for evidence of suspicious user behavior.
- CorreLog's SIEM Agent converts mainframe event messages to SIEM Syslog protocol in real time so security admins can see z/OS events live in the SIEM console alongside other distributed security events.
- SIEM Agent monitors the secure state of mainframe system installation files by recording access as well as attempts to access the files.
- SIEM Agent for z/OS allows distributed SIEMs to audit mainframe user activity in real time, a key component of PCI DSS and other standards such as HIPAA, SOX, IRS Pub. 1075, FISMA, and other security-related standards.