NIST SP 800-207 - What's New in Zero Trust Architecture is an August 2020 publication outlining best practices for Zero Trust.
AE6 - Auditing z/OS to Generally Accepted Security Practices (GASP) - Version 1 - Unlike professional accountants who can rely on the long- standing rubric of Generally Accepted Accounting Practices (GAAP) as a basis to measure their actions and client processes, there is no such a standard for z/OS Security professionals to follow. The z Exchange seeks to resolve this void and address the z/OS skills challenge head on by opening up to our community a conversation that we hope will culminate in a first ever statement of Generally Accepted Security Practices (GASP) for z/OS.
AE5 - Securing Crypto on Z - This is a series of six eBooks written by Greg Boyd from mainframecrypto. All six eBooks are available. Follow this link to register for the download links.
AE4 - Are your PORTs safe? How do you know? This eBook looks at the configuration control elements in and around these TCP/IP and UDP elements: PROFILE, DATA, RESOLVER, TELNET, FTP, SMTP, and PAGENT.
AE3 - Securing z/OSMF - The security set-up of z/OSMF is an integral part of its overall installation and configuration. To secure it properly can only be accomplished by Systems Programmers working in close conjunction with Security Administrators on a z/OS system that is already secured by Systems Administrations Best Practices. This book is a distillation of the essential security portions of the z/OSMF configuration and programming documentation available from IBM, which cannot, and should not, be ignored.
AE2 - Learn about the configuration settings for each of the primary external security managers, how they were originally set, and how the authors of these eBooks have attempted to capture what they should be currently set to, with both the why and why not.
AE2 - zAuditing Essentials - Volume 2 - Taming RACF - SETROPTS
AE2 - zAuditing Essentials - Volume 2 - Mastering CA ACF2 - GSO
AE2 - zAuditing Essentials - Volume 2 - Controlling CA Top Secret
AE1 - The IODF is the central configuration file for z Systems. Settings outlined.
AE1 - zAuditing Essentials - Volume 1- zEnterprise Hardware
z/OS
V2R4 - What's New in z/OS V2R4 These are "Cliff's Notes" type eBooks
V2R3 - What's New in z/OS V2R3 detailing what's coming in the
V2R2 - What's New in z/OS V2R2 latest releases of z/OS.
V2R1 - What's New in z/OS V2R1
CICS - This eBook provides a wealth of information about CICS, its operations and its resources and capabilities along with guidelines and recommendations.
CICS Essentials - Auditing CICS - A Beginner's Guide
CICS has its own security but does not cover many internal policies or legal compliance requirements. Recommendations are provided.
CICS security is quite complex with many layers and facets. Learn the sophisticated way CICS exploits SAF Classes.
ESM - Comprehensive visualization of all available symbols used to define ESM passwords. RACF is complete; CA ACF2 and CA Top Secret - coming soon.
SYM - The Visualization of Symbols Used to Define the format of RACF Passwords
eBooks published by The z Exchange and NewEra Software are made available to all at no charge. Downloading some eBooks, such as the AE6 eBook require you to provide contact information so we can use it to alert you to the next version's availability. We do not use your contact information for any other purpose.