Mainframe Cybersecurity & Compliance

We are pleased to announce that Compliance Event Manager Version 7.0 is Generally Available! We encourage all customers to take advantage of this new release to enjoy the latest features. 

Get Started with Version 7.0

Get started with your Compliance Event Manager 7.0 installation:

• To learn about prerequisites, install options (SMP/E or z/OSMF), and optional migration of your 6.0 event data and logstream, see the Installing documentation.

• To download the Compliance Event Manager 7.0 SMP/E or z/OSMF PAX file, visit the Broadcom Support site.

What's New in Version 7.0

Check out the new features included in Version 7.0:

Enhanced Installation Experience

The SMP/E and z/OSMF installation and configuration are enhanced to simplify the process:

• We improved our SMP/E installation to align with other Broadcom Mainframe product installations, moving away from the Unified Installation Method. The Unified Installation Method is no longer supported. This update means Datacom/AD and Tomcat are no longer packaged with CEM and are now prerequisites. Obtain the Datacom/AD binaries and Tomcat binaries from Common Components and Services (CCS), if not already installed. This change reduces the CEM 7.0 download from over 1GB to approximately 150MB.

• The product has moved to REST APIs (requires Zowe API ML) to replace the LDAP/Policy Server. Doing so reduces the number of FMIDs that the product requires and eases the deployment and maintenance effort. 

• The product now performs an auto-upgrade of the policy database (MAPDB Data Set) to the latest supported version. Auto-upgrade is initiated after you restart any listener component. Auto-upgrade helps ensure that your site is running the most current product features and maintenance without requiring you to run upgrade JCL. 

• The product now provides referential integrity resolution. During the MAPDB auto-upgrade, the product finds and resolves referential integrity violations that might cause incompatibility issues. Referential integrity refers to the relationship among data and whether the data references are valid. Referential integrity helps prevent incorrect records from being added, deleted, or modified. Most referential integrity resolutions are transparent to the user. However, missing group lists and/or SIEM settings require some user intervention. Users are notified through WTO messages when intervention is required.

• JSON Web Token (JWT) is now the default authentication scheme for registering with the Zowe Gateway that the Compliance Event Manager REST API uses. JWT is a simpler setup compared to PassTickets. PassTickets are still supported, if needed.

Improved User Interface

The UI's homepage, navigation, and workflows simplify the user experience:

• We redesigned the CEM homepage to immediately show the status of what systems are being monitored and by which policies. Previously, users had to navigate to a settings page to get this information, which was not intuitive.

• We completely restructured the global navigation. We flattened and re-ordered the navigation to make it easier for users to understand the information architecture and to find the content they need. Hyperlinks between related elements make it more efficient to traverse into policies. Breadcrumbs make it easy to back out, as well as reinforce the hierarchy of product elements.

• We re-architected the workflows for consistency. Throughout the application we consistently use a list-detail-edit pattern. Users can see a list of all elements, click a link to see the details of an individual element, then edit and save that element. 

• We redesigned the list pages for simplicity. Lists now load unfiltered by default and rely on a new toolbar filter so that a user does not waste time learning a previously complex search criteria flow. We also combined all tabbed content into a single table to make it easier to find a specific element. 

Enhanced Reporting to Show Additional Data

Additional fields were added to the Warehouse and Data Mart databases, making the following fields available for reporting:

• CEMV_ACCOUNT_ADMIN, CEMV_MISC_ADMIN, CEMV_POLICY_ADMIN Views:

• cpf_command

• cpf_node

• elevate_class

• elevate_id

• elevate_reason

• elevate_ticket

• elevated_user

• CEMV_OBJECT_ACCESS View:

• elevate_class

• elevate_id

• elevate_reason

• elevate_ticket

• elevated_user

• elevated_user_string

• log_level

• log_level_string

• member

• CEMV_SYSTEM_ACCESS View:

• acf2_uid_string

• cred_type

• cred_type_string

• log_level

• log_level_string

For descriptions of these fields, see the Views documentation.

Enhanced Turnkey Best Practices Policies

We have refactored our turnkey Best Practices policies to make continuous monitoring of industry best practices even easier to implement:

• Split some Best Practices policy statements into multiple policy statements

• Improved the wording in policy actions and statements

• Added additional user variables and group lists to allow customers to refine values for alerting in fewer steps

For information about Best Practices, see Implement Best Practices Security Continuous Monitoring.

ELK Stack Support

Send Compliance Event Manager event data directly to ELK (Elasticsearch, Logstash, Kibana), a Security Information Event Management (SIEM) application, to correlate the data in a searchable repository. Doing so lets you gain deeper insight into potential security exposures, leveraging existing correlation and analytics capabilities.

For configuration procedures, see Configure Logstash to Send Events to ELK.

We look forward to partnering with you as we build more features and enhancements into 7.0 to help simplify your efforts in security continuous monitoring.

Thank you!

-- The Compliance Event Manager Team

------------------------------
Principal Technical Writer
Mainframe Software Division
Broadcom
------------------------------