Not sure if this forum is the appropriate place to ask this question, so please advise.
We have been requested by the Centers for Medicare and Medicaid, as a part of our mainframe compliance program (using NIST and DISA STIGs) , to use the national vulnerability database http://web.nvd.nist.gov/view/vuln/search to identify vulnerabilities which affect the zOS operating system running on the IBM mainframe. Is the National Vulnerability Database the right place to look for zOS vulnerabilities in the first place? We are primarily looking for vulnerabilities for zOS operating system, but would also be interested in searching for vulnerabilities in third party software packages from vendors such as CA Technology. Any guidance and/or the appropriate keyword search(es) for the NVD which can be used to meet this objective would be appreciated. -Ray Raymond M. Pascoe, CISSP Risk, Compliance and Monitoring *Office: 412-544-6261 *e-mail: [email protected] ________________________________ This e-mail and any attachments to it are confidential and are intended solely for use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this e-mail without the author's prior permission. The views expressed in this e-mail message do not necessarily represent the views of Highmark Inc., its subsidiaries, or affiliates. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
