

Whitepaper

FISMA Compliance on IBM® z/OS with CorreLog Mainframe Security Solutions

A whitepaper from CorreLog for understanding the most relevant NIST guidelines for maintaining FISMA compliance with best-practice SIEM.

The origins of the National Institute of Standards and Technology or NIST date back to the early 1900s to a U.S. agency known as the National Bureau of Standards (NBS). The NBS was founded to provide standards for weights and measures (metrology) for U.S. Government and private sectors, and also took on the development of measurements for standardizing electrical units.

It was the NBS that helped get the modern computer off the ground. Financed by the U.S. Air Force, the NBS built the Standards Eastern Automatic Computer or SEAC and put it into production in Los Angeles, California in May of 1950. In 1988, the NBS became NIST.

After the 9/11 Attacks on the World Trade Center in New York City, NIST was tasked with conducting the initial investigation into the collapse of the building structures. It was NIST that established programs for improving building and fire codes, and technical documentation for the construction industry.

NIST also supplies Government, industry and academia with hundreds of Standard Reference Materials (SRMs) for anything from calibration standards for measuring equipment to special publications for the handling of information stored by Federal agencies. One such publication is NIST Special Publication 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations.” We will take a closer look at SP 800-53 later in this whitepaper.

NIST Responsibilities Under FISMA

This document will provide a general overview of the following NIST Special Publications (SP) and Federal Information Processing Standards (FIPS) publications. We will also review how CorreLog Security Information & Event Management (SIEM) solutions help organizations maintain compliance for mainframe systems and mainframe dataset accesses in accordance with the Federal Information Security Act of 2002, also known as FISMA. It is important to note that we have boiled down 750+ pages of guidelines from the NIST papers into this whitepaper and present this document to you as a starting point of reference for your compliance journey.

We have reviewed the NIST documentation and have surmised that if you start with the following SPs and FIPS publications, you will have a fundamentally sound start on achieving and maintaining FISMA compliance. All IT environments are different and the number of systems and processes needed to maintain FISMA compliance will vary by industry, organization size, structure, and a myriad of other influences. However, if you take a holistic approach to FISMA compliance by bringing all of your data, mainframe and distributed, into a single system of record, you will be well on your way to FISMA compliance. Here are the six SPs and FIPS documents that need to be topmost on your radar to maintain FISMA compliance. Other FIPS/SPs will obviously apply, and we offer these first seven as a great start on your way to FISMA compliance for your mainframe.

“…Through the process of risk management, leaders must consider risk to U.S. interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations…” -- THE NATIONAL STRATEGY FOR CYBERSPACE OPERATIONS, OFFICE OF THE CHAIRMAN, JOINT CHIEFS OF STAFF, U.S. DEPARTMENT OF DEFENSE, 2006

1. NIST FIPS Publication 199 - Standards for Security Categorization of Federal Information and Information Systems

2. NIST FIPS Publication 200 - Minimum Security Requirements for Federal Information and Information Systems

3. NIST SP 800-37 - Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

4. NIST SP 800-39 - Managing Information Security Risk Organization, Mission, and Information System View

5. NIST SP 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

6. NIST SP 800-137 - Information Security Continuous Monitoring for Federal Information Systems and Organizations

SP 800-39 is regarded as the flagship NIST document in response to FISMA. SP 800-39’s purpose is to provide guidance for “an integrated, organization-wide program for managing Information Security or InfoSec risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of federal information systems.” The origins of SP 800-39 are rooted in NIST’s objective of providing a broad, structured and flexible approach for managing InfoSec risk, while other Special Publications give specific details on monitoring, assessing and responding to threats.

The heftiest of the SPs, weighing in at 462 pages, is SP 800-53. SP 800-53 is the culmination of security standards and guidelines set forth by the Federal Information Security Management Act of 2002 and was designed to recognize the “importance of information security to the economic and national security interests of the United States.” Borne out of the FISMA Act, NIST was assigned responsibility for developing these Government-mandated information security standards and guidelines.

SPs 800-37 and 800-137 are support publications to assist with setting up InfoSec systems and maintaining FISMA compliance. More details on SP 800-37 and SP 800-137 will follow later in this whitepaper.

Additionally, NIST developed FIPS Publications 199 and 200 which categorize and define “Minimum Security Requirements for Federal Information and Information Systems.” FIPS 199 is used to assess IT systems and categorize security levels, and FIPS 200 determines the minimum security requirements based on the categorization.

A recent addition to the NIST framework is SP 800-171 which covers protecting “Controlled Unclassified Information” or CUI in non-Federal systems and organizations. SP 800-171 R1 essentially states that if you are a non-Federal entity that comes in contact with Federal CUI, you must adhere to the FISMA standards mentioned within this document.


NIST SP 800-37: Defining the Six-Step Risk Management Framework

Special Publication 800-37 defines the common InfoSec framework for the U.S. Government and its contractors. The framework was designed to improve InfoSec, strengthen risk management processes and encourage reciprocity across all federal agencies.

Fundamentally, the risk management framework or RMF consists of a holistic, three-tiered approach involving the entire organization. All three tiers are fully integrated from senior leaders who provide the strategy to front-line workers developing, implementing and operating the IT and business processes that make up the RMF. The framework is designed to establish best-practice controls for InfoSec risk management and offer a means of continuous improvement. The three-tiered approach consists of:

• Tier 1: Organizational Governance & Strategy
• Tier 2: Business Processes – Information and Information Flows
• Tier 3: Information System Operating Environment

It is the desire of CorreLog to work with clients to help bring all three tiers together in an equally holistic solutions/services approach that considers SP 800-37. CorreLog seeks to gain a full understanding of client policies of governance and organizational strategy, and then work with senior management to understand business processes that help establish security and compliance initiatives. We then work with clients to deploy solutions that meet these governance objectives within the information systems operating environment(s).

NIST SP 800-39: Macro-Approach for Organizational InfoSec Risk Management

Out of the Paperwork Reduction Act (PRA) of 1980 was borne the U.S. Office of Management & Budget’s (OMB) Circular A-130, a directive for the Federal Government to establish policies for information resource management. PRA assigned responsibility to the OMB Director to create and maintain a comprehensive set of information resources management mandates. Among those to whom SP 800-39 is directed are CIOs, CISOs, and other InfoSec titles spread throughout the U.S. Government.

For Federal agencies, SP 800-39 defines the following workflow for risk management:

1. Frame risk – establish the context for risk-based decisions
2. Assess risk
3. Respond to risk once determined
4. Monitor risk on an ongoing basis for continuous improvement

Additionally, SP 800-39 and the newly published SP 800-171 include considerations for “external risk relationships” that include suppliers, customers/served populations, business partners, service providers and other constituents with access to Federal data.

The components of SP 800-39’s risk management process can be found in Figure 1 below. The circle in the middle is the first component of the process and addresses how organizations “frame” risk and establish a “risk context.” This part of the process defines the risk management strategy that addresses how organizations assess, respond to and monitor risk. The bi-directional arrows exemplify that the information and communication flows among all components, as well as the execution order of the components, can be flexible and dynamic, depending on the strategy set forth in the risk management process.

NIST SP 800-53 Rev. 4: Comprehensive Risk Management

The most recent version of SP 800-53 is Revision 4 (ca. 2013), touted as “the most comprehensive update to the security controls catalog since its inception in 2005.” NIST’s amendments in SP 800-53r4 provide a more holistic approach to InfoSec and add a host of security controls for “continuous monitoring” of information systems to ensure FISMA compliance.

Figure 1: SP 800-39 Risk Management Process


The concept of “overlays” was introduced in Revision 4. Overlays have been introduced as a means of applying standardization and baselining to InfoSec with the capability to define risk tolerances for these controls.

Guidelines issued by SP 800-53r4 include, but are not limited to, the following:

• Defining a consistent, comparable and repeatable approach for specifying security controls
• Compiling a category of security controls to meet protection needs
• Providing recommendations for controls by internally-assigned category(s) in accordance with FIPS Pub. 199
• Creation of a foundation of assessment methods for efficacy
• Improvements to communications across organizational departments/business units for common support of risk management

NIST SP 800-137: Continuous Monitoring

NIST SP 800-137 defines the Information Security Continuous Monitoring (ISCM) process and its importance for maintaining security posture and compliance across complex IT environments that are constantly changing. SP 800-137 defines ISCM as “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.” This special publication emphasizes the need for organizational leadership to define the ISCM strategy that involves people, process, technology and operating environments. SP 800-137 instructs that guidelines from organizational leadership include, but are not limited to, the following:

• Define risk tolerance and set organizational priorities for risk management
• Provide metrics for meaningful indication of security statuses
• Ensure the continued effectiveness of security controls
• Verify compliance with InfoSec requirements across the organization
• Maintain visibility of all IT assets and the security of those assets
• Maintain visibility of all changes in organizational IT systems
• Maintain awareness of threats and vulnerabilities

CorreLog for Security and Compliance to Facilitate FISMA

CorreLog is the leading SIEM Independent Software Vendor (ISV) for cross-platform system security. CorreLog security solutions operate across IBM mainframe, Windows, UNIX, Linux, and SAP platforms, with an out-of-box FISMA-compliant agent for IBM z/OS.

CorreLog software solutions for mainframe IT Security and Compliance operate in real time, delivering essential data for your distributed SIEM for log management and event correlation while maintaining minimal system resource utilization. Our primary products for mainframe SIEM are:

• CorreLog zDefender™ for z/OS
• CorreLog dbDefender™ for DB2 (Database Activity Monitoring)
• zDefender™ Visualizer for z/OS

“FISMA, along with the Paperwork Reduction Act of 1995 and the Information Technology Management Reform Act of 1996 (Clinger-Cohen Act), explicitly emphasizes a risk-based policy for cost-effective security.” -NIST.gov, E-Government Act (107-347) Overview


zDefender™ for z/OS resides in an LPAR (or multiple LPARs) and in real time, delivers security event messages from z/OS to distributed SIEM systems and IT Security Operations Centers (SOCs). zDefender™ for z/OS auto-formats event messages from RACF, CA-ACF2, CA-Top Secret, IBM® DB2® and IMS, CICS, IND$FILE, FTP, TCP/IP and other z/OS facilities and in real time, exports the messages to a SIEM or IT SOC.

Additionally, zDefender™ for z/OS converts a myriad of other mainframe events including TSO Logons and Production Job ABENDs. For ease of deployment, CorreLog’s zDefender™ for z/OS has certified integrations with IBM® QRadar, HP ArcSight, RSA Security Analytics, and has field integrations with every other leading SIEM solution including Splunk, McAfee ESM and cloud vendors such as Solutionary and Dell SecureWorks. The ability to view cross-platform security event log data in real time is a ground-breaking feature of the CorreLog zDefender™ for z/OS. The real-time z/OS agent provides IT security personnel with a more inclusive view of system-wide threat data for a higher level of monitoring user and system accesses related to network intrusion. zDefender™ for z/OS facilitates compliance requirements set forth by FISMA, PCI DSS, GDPR, HIPAA, IRS Pub. 1075, GLBA, SOX, NERC and many other standards.

dbDefender™ for DB2 is CorreLog’s mainframe Database Activity Monitoring (DAM) solution that audits both DB2 and IMS databases with a lightweight software agent. dbDefender™ can be bundled with zDefender™ for z/OS or procured as a standalone DAM solution, and CorreLog can package dbDefender™ for either DB2 or IMS dataset activity. dbDefender™ audits dataset activity for any sign of unauthorized access, or even attempts to view datasets, then logs the event messages for auditing and compliance and sends a real-time notification of the activity to the SIEM or SOC. Notifications can come in the form of email, SMS text, or SNMP trap. The system can even trigger an event to a helpdesk system for immediate remediation. dbDefender™ can also send the message data to either a mainframe-based SIEM console (zDefender™ Visualizer) or any Windows-/UNIX-based SIEM such as IBM® QRadar®, ArcSight, Splunk and a host of others.

zDefender™ Visualizer is an affordable Security Information & Event Management (SIEM) system specially designed and pre-configured for use by z/OS security administrators and system programmers who may not have access to the organization’s SIEM. It provides remote point-and-click functionality into z/OS security and operational events from a standard web browser. zDefender™ Visualizer provides dashboard views, event message correlation, and can send text messages as alerts of security events generated from IBM z/OS subsystems.

The zDefender™ Visualizer dashboard collection is a major advancement over the z/OS green screen most familiar to mainframe users. This mainframe SIEM system delivers a clean, web-based GUI with high-speed search, and the capability to drill down to z/OS security messages with point-and-click functions.

Leveraging CorreLog Agent-based Software to Complement Existing InfoSec Systems to Ensure FISMA Compliance

The following table provides additional details about how CorreLog mainframe SIEM products help facilitate FISMA as defined by a multitude of NIST publications. Note that the list below provides a guideline for best-practice SIEM on the mainframe side of your IT network. As you will learn from following the NIST documentation, a comprehensive SIEM strategy across all systems, mainframe and distributed, is your best course of action for holistic enterprise IT security.

“Periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than annually” -NIST.gov, Federal Information Security Management Act Overview


NIST Guideline / How the guideline is facilitated by CorreLog mainframe solutions

FIPS 200 – Auditing and Accountability
• Establishes minimum security requirements for auditing and authentication for information and information systems
Facilitated by: File Integrity Monitoring (FIM) with zDefender™ for z/OS and dbDefender™ for DB2
• Privileged user monitoring with real-time alerts of any changes to the OS file structure
• Monitor RACF, ACF2, TSS, FTP, IND$FILE, DB2, IMS, TCP/IP, CICS, and other z/OS facilities in real time
• Secure audit trails for investigative activity and accountability for privileged users

FIPS 200 – Configuration Management
• “...establish and maintain baseline configurations and inventories of organizational information systems”
• “...establish and enforce security configuration settings…”
Facilitated by: FIM with zDefender™ for z/OS and DAM with dbDefender™ for DB2
• Manage z Systems file integrity by establishing the system’s original and secure working state
• Monitor views, accesses, and/or alterations to operating system and datasets with auto-formatted SMF record monitoring
• Secure audit trails to “enforce security configuration settings” and forensics

FIPS 200 – Multi-tiered Risk Management, Communications
• Outlines the process of selecting the minimum security controls, and what said security controls must include throughout the whole organization
• “Organizations must monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems)”
Facilitated by: Real-Time z Systems SIEM Visibility with zDefender™ Visualizer or existing WIN-/UNIX-based SIEM
• Receive/relay mainframe security alerts in email, text, or other preferred log formats to any SIEM system type
• Alternatively, forward real-time z/OS events to any WIN-/UNIX-based SIEM
• Monitor z/OS privileged users and root access users, security and operational events in real time with a web-based SIEM that any user can access
• Enhance z/OS visibility for risk-based decisions with dashboard views, event message correlation, and point-and-click functionality within a browser


FIPS 200 & SP 800-53 – Risk Assessment & Security Controls Assessment
• A systematized, repeatable approach to risk and security controls assessment, with minimum security requirements for FISMA-covered entities (FIPS 200)
• Lists requirements for IT security control structures, baselines, and designations (SP 800-53)
Facilitated by:
• Establish baseline security controls with zDefender™ for z/OS, or dbDefender™ for DB2 for informed risk-based decisions
• Solutions can be tailored to align with compliance standards and business objectives, with flexibility to adapt to changing InfoSec requirements

SP 800-37 – “Near real-time risk management”
• To achieve a minimum Risk Management Framework (RMF), facilitate “ongoing information system authorization through the implementation of robust continuous monitoring processes”
Facilitated by: Real-Time z Systems Security Visibility + Alerting with zDefender™ Visualizer or existing WIN-/UNIX-based SIEM
• Monitor z/OS security and operational events in real time with a web-based SIEM
• Receive/relay mainframe security alerts in email, text, or other preferred log formats for real-time risk management within the SIEM
• Forward real-time z/OS events to any name-brand WIN-/UNIX-based SIEM with zDefender™ or dbDefender™ for DB2

SP 800-37 – Use of automation for senior leaders to make cost-effective, risk-based decisions
• Another feature of an RMF: automation is “encouraged” to “provide senior leaders the necessary information to make cost-effective, risk-based decisions…”
Facilitated by: Real-Time z Systems SIEM Visibility with zDefender™ Visualizer or existing WIN-/UNIX-based SIEM
• Monitor z/OS privileged and root access users for security and operational events in real time with a web-based SIEM viewable by any user, anywhere
• Maintain full z/OS visibility for risk-based decisions with dashboard views, event message correlation, and point-and-click functionality within a browser
• Receive/relay automated mainframe security alerts in email, text, or other preferred formats for added decision support in a WIN-/UNIX-based SIEM or SOC
• Forward real-time z/OS events to any name-brand WIN-/UNIX-based SIEM with zDefender™ or dbDefender™ for DB2


SP 800-37 – Integration of InfoSec into the organization’s enterprise architecture
• A feature of an RMF that helps organizations with InfoSec inclusion in the normal IT system development life cycle, and inclusion in each facet of the organization’s IT environment
Facilitated by: Interoperability and ease of deployment with CorreLog software-based solutions
• zDefender™ Visualizer, zDefender™ for z/OS, and dbDefender™ for DB2 have certified integration with the leading distributed SIEM systems, and have field integrations with most of the others
• CorreLog’s InfoSec solutions are software-based with agent-driven functionality to correspond with existing WIN-/UNIX-based SIEMs for real-time z/OS security alerts

SP 800-37 – “Establish responsibility and accountability for security controls”
Facilitated by: Real-Time z Systems SIEM Visibility + Alerting with zDefender™ Visualizer or existing WIN-/UNIX-based SIEM
• Secure audit trails for the full range of user activity, including privileged user accesses
• Alternatively, forward real-time z/OS events to any name-brand WIN-/UNIX-based SIEM with zDefender™ for z/OS or dbDefender™ for DB2

SP 800-39 – “Manage threat & vulnerability information with regard to organizational information systems and the environments in which the systems operate”
Facilitated by: Real-Time z Systems SIEM Visibility + Alerting with zDefender™ Visualizer or existing WIN-/UNIX-based SIEM
• zDefender™ Visualizer, zDefender™ for z/OS, and dbDefender™ for DB2 are integrated with the leading WIN-/UNIX-based SIEMs, including Splunk, HP ArcSight, IBM® QRadar®, RSA® Security Analytics®, LogRhythm, Solutionary, McAfee ESM, Micro Focus, and more
• Real-time z/OS alerting for added decision support in an existing WIN-/UNIX-based SIEM

SP 800-39 – “Establish effective vehicles… for communicating & sharing risk-related information among key stakeholders internally & organizations externally”
Facilitated by: Real-time z Systems SIEM Visibility with zDefender™ Visualizer, zDefender™ for z/OS, or dbDefender™ for DB2
• Receive/relay mainframe security alerts in email, text, SNMP trap, help desk event, or other preferred formats for collaborative risk/response efforts
• Monitor z/OS security and operational events in real time with a web-based SIEM, or add decision support to an existing WIN-/UNIX-based SIEM with real-time alerts


SP 800-39 – Risk monitoring
Facilitated by: Real-Time z Systems SIEM Visibility + Alerting with zDefender™ Visualizer or existing WIN-/UNIX-based SIEM
• Monitor z/OS security and operational events in real time with a web-based SIEM
• Maintain full z/OS visibility for risk monitoring with dashboard views, event message correlation, and point-and-click functionality within a browser
• Receive/relay mainframe security alerts in email, text, or other preferred formats
• Alternatively, forward real-time z/OS events to any name-brand WIN-/UNIX-based SIEM with zDefender™ for z/OS or dbDefender™ for DB2

SP 800-39 – Risk response
• Establishes RMF guidelines to create continuous improvement in risk analysis, risk response, and risk-based decisions – requiring continual, “near real-time” InfoSec monitoring
Facilitated by: Real-Time z Systems SIEM Visibility with zDefender™ Visualizer or existing WIN-/UNIX-based SIEM
• Monitor z/OS privileged user accesses, security and operational events in real time with a web-based SIEM
• Enhance z/OS visibility for risk-based decisions with dashboard views, event message correlation, and point-and-click functionality within any browser
• Receive/relay mainframe security alerts in email, text, or other preferred formats
• Alternatively, forward real-time z/OS events to any name-brand WIN-/UNIX-based SIEM with zDefender™ for z/OS or dbDefender™ for DB2

SP 800-39 – Software, Firmware, Information Integrity
• Selecting security controls for an information system in order to protect the confidentiality, integrity, and availability of the system and its information
Facilitated by: FIM with zDefender™ for z/OS and DAM with dbDefender™ for DB2
• Manage z Systems file integrity by establishing and monitoring the system’s desired, secure working state with alerts for viewing, accessing, and any attempts to change the secure state of the installation
• Monitor views, accesses, and/or alterations to datasets with audit trails for compliance and measurable security status


SP 800-53 – “Overlays” complementing initial security control baselines within Industry Sectors
Facilitated by: zDefender™ Visualizer, zDefender™ for z/OS
• zDefender™ Visualizer, zDefender™ for z/OS, and dbDefender™ for DB2 are tailored for visibility and compliance with a range of industry verticals, and maintain FIM for indications of tampering with the secure state of installations
• Use cases are available for Banking/Finance, Healthcare, U.S. Government, Retail, Services, and more
• CorreLog solutions are key components for FISMA, PCI DSS, GDPR, HIPAA, GLBA, SOX, IRS Pub. 1075, and others

SP 800-53 – “Gap Analyses Perspective” from external service providers accessing systems
Facilitated by: z Systems inclusion in the organization-wide security strategy for complete risk analysis and gap analysis
• zDefender™ Visualizer, zDefender™ for z/OS, and dbDefender™ for DB2 allow compatibility with WIN-/UNIX-based SIEM for a complete view of gap and risk analyses
• Real-time z Systems event correlation in zDefender™ Visualizer, or forward z Systems security events to any SIEM with zDefender™ for z/OS and dbDefender™ for DB2 for further correlation

SP 800-137 – Metrics for Security Status
• Determining an organization’s security status based on metrics to maintain situational awareness across all IT systems, understanding threats, assessing security controls, and correlation of security-related information
Facilitated by: DAM and FIM with zDefender™ for z/OS and DAM with dbDefender™ for DB2
• Real-time event correlation in WIN-/UNIX-based SIEM systems via agent-based z/OS log forwarding or zDefender™ Visualizer, with alerting and audit trails in both cases tailored to user/organization-defined metrics


SP 800-137 – Visibility into all IT assets & security of assets
Facilitated by: Real-Time z Systems SIEM Visibility with zDefender™ Visualizer or existing WIN-/UNIX-based SIEM
• Forward real-time z/OS events to any WIN-/UNIX-based SIEM with zDefender™ for z/OS or dbDefender™ for DB2
• Receive/relay mainframe security alerts in email, text, or other preferred format, including the helpdesk
• Monitor z/OS security and operational events in real time with a web-based SIEM
• Maintain full z/OS visibility in conjunction with distributed security assets with dashboard views, event message correlation, and point-and-click functionality within a browser

SP 800-137 – Maintaining knowledge, visibility, and control over all changes in IT systems
Facilitated by: FIM with zDefender™ and DAM with dbDefender™
• Manage z Systems file integrity by establishing the system’s desired, secure working state with alerts for viewing, accessing, and any attempts to change the secure state of the operating system
• Monitor views, accesses, and/or alterations to datasets with audit trails for compliance and measurable security status
• Real-time SMF record monitoring with auto-formatted log forwarding for SIEM correlation


Summary

The combined total pages of the SPs and FIPS publications referenced in this executive summary exceed 750 pages. The purpose of this whitepaper is not to cover all the bases of FISMA. Rather, it is made available to the reader as a guide for senior managers to understand the origins of FISMA, how NIST assists with FISMA compliance, and some of the functionality within CorreLog mainframe SIEM tools that can help maintain your FISMA compliance.

CorreLog’s roots in mainframe computing date back to the 1970s and we have a fundamental understanding of the mainframe as an operational tool to serve the business side of enterprise organizations. With this understanding we have developed operationally sound and highly functional mainframe security tools to assist with FISMA mandates and other compliance standards such as PCI DSS, HIPAA, IRS Pub. 1075, GLBA, etc.

Please contact us at www.CorreLog.com/support if you would like a consultation on setting up your mainframe for the FISMA (or other) standard, and support for maintaining FISMA compliance.


Toll-free USA: 1-877-CorreLog (267-7356)
Intl: +1-239-514-3331