This course introduces the zSecure Audit rule-based compliance evaluation framework. The course explains rule-based compliance evaluation concepts and includes an overview and demonstration of the supported compliance evaluation functions and reports. With the standard built-in compliance evaluation interface, you report the compliance of your systems against one or more of the supported external standards: STIG, STIGplus, GSD, or PCI-DSS. The course also teaches you how to customize compliance evaluations for the supported standards to fit your company's requirements. Finally, you learn how to create a company-defined compliance standard. Hands-on exercises are included to enforce the skills that are taught in this course so that you can experiment with the rule-based compliance evaluation interface.

• Explain the concept of rule-based compliance evaluation with zSecure Audit
• Run compliance evaluations against the supported standards GSD331, STIG, and PCI-DSS
• Use the compliance evaluation results to apply the applicable changes to comply with the applicable (external) standard
• Customize compliance evaluations to fit with company security and audit policies
• Build customized system-defined compliance standards, rule sets, rules, and tests

The target audience for this advanced-level course is security administrators, auditors, and compliance officers.

Before taking this course, make sure that you have the following skills:

• Basic knowledge of and experience with z/OS and RACF
• Familiarity with the IBM Security zSecure Audit ISPF panel interface
• Knowledge of and experience with the CARLa programming language

Unit 1: Rule-based compliance introduction and concepts
Unit 2: Running compliance evaluations and interpret results
Unit 3: Customizing compliance standards, rules, or tests

Prior to enrolling, IBM Employees must follow their Division/Department processes to obtain approval to attend this public training class. Failure to follow Division/Department approval processes may result in the IBM Employee being personally responsible for the class charges.

GBS practitioners that use the EViTA system for requesting external training should use that same process for this course. Go to the EViTA site to start this process: http://w3.ibm.com/services/gbs/evita/BCSVTEnrl.nsf

Once you enroll in a GTP class, you will receive a confirmation letter that should show:

The current GTP list price

The 20% discounted price available to IBMers. This is the price you will be invoiced for the class.