Take a look at
http://www-03.ibm.com/systems/z/advantages/security/integrity_sub.html
This page sets forth the current process for providing a System z
customer and/or its authorized representative with access to
security/integrity information for System z (currently z/OS and z/VM),
including HOLDDATA for z/OS.
On 05/08/12 11:06, Pascoe, Raymond M wrote:
Not sure if this forum is the appropriate place to ask this question, so please
advise.
We have been requested by the Centers for Medicare and Medicaid, as a part of
our mainframe compliance program (using NIST and DISA STIGs) , to use the
national vulnerability database http://web.nvd.nist.gov/view/vuln/search to
identify vulnerabilities which affect the zOS operating system running on the
IBM mainframe.
Is the National Vulnerability Database the right place to look for zOS
vulnerabilities in the first place?
We are primarily looking for vulnerabilities for zOS operating system, but
would also be interested in searching for vulnerabilities in third party
software packages from vendors such as CA Technology.
Any guidance and/or the appropriate keyword search(es) for the NVD which can be
used to meet this objective would be appreciated.
-Ray
Raymond M. Pascoe, CISSP
Risk, Compliance and Monitoring
*Office: 412-544-6261
*e-mail: [email protected]
--
Mark Jacobs
Time Customer Service
Tampa, FL
----
Learn from yesterday, live for today, hope for tomorrow.
The important thing is to not stop questioning.
- Albert Einstein
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
