
No Compliants?

Published: May 20 2009, 07:52 AM
by Reg Harbeck

If you've been reading this blog for a while, you'll know that one of the subjects I often mention - and often give presentations about - is regulatory compliance (for example, see http://community.ca.com/blogs/execio/archive/2009/04/02/pci-and-other-compliance-related-tla-s.aspx).

In a way, it almost seems odd that a mainframer should spend so much time on this topic, when the mainframe is clearly the ideal platform for running in a manner that is compliant with all regulations - so what's the big deal?

Well, there are a few problems:

  • Many regulations that have explicit technical requirements were written with PCs in mind, rather than mainframes, so it's necessary to translate their requirements to fit this context.
  • Many auditors don't know the mainframe well enough to be able to figure out whether or not it's compliant, except to the extent that the very technical people who are responsible for the mainframe explain it to them.
  • Even if the mainframe is being run in a compliant manner, proving it has been a very challenging task in the past.
  • To complicate matters further, a new generation of mainframers is arriving, and they have yet to take the same journey of figuring out what is and isn't appropriate on the mainframe that we experienced folks took a few decades ago, so we can expect them to bump into and possibly occasionally knock over a few things on the mainframe while they figure things out. That can lead to accidentally coloring outside of regulatory lines.

So far, when I've talked or written about these issues, I've mentioned the value of cleaning up obsolete IDs and permissions, validating that your mainframe security directory contents support compliance, ensuring a compliant configuration of your OS environment, and encrypting data sent off-site. But that's all stuff that could be thought of as "below the line" - it supports compliance, but it doesn't actively pursue it.

That's why I'm so excited about something we're announcing today: CA Compliance Manager for z/OS.

This brand new mainframe product brings together your security, operations, systems and auditing groups with a single, real-time system that watches the behavior, use and configuration of your mainframe environment and security system (using any of the three external security manager products, or ESMs), and alerts you to any events or changes that could negatively impact your organization's compliance with relevant regulations.

And it does it all on your mainframe, so there's no "weak link" that could interfere with it. In fact, it even tells you if someone restarts your ESM. And all of it is so real-time that it doesn't even use SMF - it watches the system itself.

So, for example, if someone makes a change to an important PDS such as SYS1.PARMLIB, you'll know right away: when, who and what.

The idea here is, once again, to move from the technical to the business perspective. The business is the computer. You want accountability for changes that are made to your environment, measurability of what things have happened, and transparency, so there are no hidden behaviors that could provide unpleasant surprises later.

Best of all, with its web UI, it's so easy to use that less-technical personnel can be effective right away - including those auditors and managers who don't have a mainframe background, not just those that do.

Can you tell I'm excited about this?

But don't take my word for it - check it out for yourself. Your local CA mainframe team will be glad to tell you more - and see our press release (http://www.ca.com/us/press/release.aspx?cid=206928) for more details, too.

Why put up with complaints from your management, auditors, and potentially customers and business partners? Now you can prove that you're compliant, and stay that way!

And, once you've checked it out, let me know what you think.

By: Reg Harbeck
Reg Harbeck is CA's Product Management Director for Mainframe Strategy. In the more than two decades since he received his Bachelor's Degree in Computer Science he has worked with operating systems, networks, security and applications on mainframes, UNIX, Linux, Windows and other platforms. Reg...