Security best practices for z/OS virtual server instances

To secure your z/OS virtual server instance and identify any security vulnerabilities, you must refer to the following security information and industry standard security reports.

Products and services in the z/OS stock images are periodically reviewed and updated. IBM continues to follow the standard security guidance and provides differentiating technologies in security and data privacy, focusing on but not limited to the following areas:

• Security patch management
• Firmware currency
• Setup of suggested products and services
• Configuration of hardware and software (operating systems, middleware, third-party applications, open source, network cards, and so on)
• Integration and monitoring of software, hardware, and end-points
• Cybersecurity:
  • Least access privilege
  • Separation of duties
  • Defense-in-depth
  • Authentication strength
  • End-to-end encryption

For this release, you need to follow the security best practices for your z/OS virtual server instance:

• If you want to apply the latest service for your instance, it is suggested that you wait until the next month’s refresh stock image to provision a new z/OS virtual server instance.

• Ensure that you follow the password policy, see Configuring the password.

• For more information about various security topics, see the following references:

  • What is zero trust?

  • NIST Special Publication Security & Privacy Controls for Information Systems & Organizations

  • IBM X-Force Threat Intelligence Report

  • Advanced security on IBM Z

  • PCI DSS v4.0

  • CIS Benchmarks for IBM Z