TK273 – IBM Security zSecure Audit Rule-based Compliance Evaluation and Customization

Durée : 1 jour
Prix Public : 700 € HT (tarif Inter-Entreprise)


This course introduces the zSecure Audit rule-based compliance evaluation framework. The course explains rule-based compliance evaluation concepts and includes an overview and demonstration of the supported compliance evaluation functions and reports. With the standard built-in compliance evaluation interface, you report the compliance of your systems against one or more of the supported external standards: STIG, STIGplus, GSD, or PCI-DSS. The course also teaches you how to customize compliance evaluations for the supported standards to fit your company’s requirements. Finally, you learn how to create a company-defined compliance standard. Hands-on exercises are included to enforce the skills that are taught in this course so that you can experiment with the rule-based compliance evaluation interface.


The target audience for this advanced-level course is security administrators, auditors, and compliance officers.


Before taking this course, make sure that you have the following skills:

  • Basic knowledge of and experience with z/OS and RACF
  • Familiarity with the IBM Security zSecure Audit ISPF panel interface
  • Knowledge of and experience with the CARLa programming language


  • Explain the concept of rule-based compliance evaluation with zSecure Audit
  • Run compliance evaluations against the supported standards GSD331, STIG, and PCI-DSS
  • Use the compliance evaluation results to apply the applicable changes to comply with the applicable (external) standard
  • Customize compliance evaluations to fit with company security and audit policies
  • Build customized system-defined compliance standards, rule sets, rules, and tests


Unit 1: Rule-based compliance introduction and concepts
Unit 2: Running compliance evaluations and interpret results
Unit 3: Customizing compliance standards, rules, or tests