Do You Know Where Your Mainframe Security Gaps Are?

Bob Fake, CEO, Infosec

Mainframes are often perceived as being highly secure. That was certainly true when mainframes were largely standalone systems. But today, mainframes are connected to multiple other internal systems and to the outside world. This can render them as vulnerable to hackers as desktop PCs. And, with so much lucrative personal, financial and health data stored on mainframes, they’re increasingly a top target for data thieves.

The misconception that mainframes are so secure has led to some devastating and highly publicized data breaches. In truth, most companies are in the dark about where their mainframes are most vulnerable—until it’s too late. The solution is to benchmark your organization’s data security against a proven standard.

RMF: The Gold Standard of Data Security

No organization has a higher standard of data security than the Department of Defense (DoD). While you might not perceive your organization as needing the same level of security as the DoD, why not hold it to the same standards wherever possible?

The DoD has embraced the Risk Management Framework (RMF)—formerly called the DoD Information Assurance Certification and Accreditation Process (DIACAP)—as the data security standard for all internal users and contractors.

InfoSec has created an assessment for commercial enterprises that compares your mainframe security implementation to the documented RMF guidelines. The Mainframe Auditor Practice for Security & Compliance Standards (MAP/SCS) assessment reveals whether you meet, exceed, or fail to meet the same standards. If you fall short in any area, InfoSec will develop a roadmap for you to implement remediation measures.

Adapting RMF to Your Organization’s Needs

The DoD’s security level is extraordinarily high for obvious reasons. In fact, failure to meet every guideline in RMF prevents groups within or interacting with the DoD from operating at all. Your company may choose to be less strict and accept some deviations from the totality of the standard. It may be, for example, that the cost or other type of burden of implementing a certain guideline is prohibitive.

MAP/SCS is strictly a gap analysis tool that empowers you with the information you need to make informed decisions about acceptable risks, and gives you the flexibility to decide whether or not to take recommended actions to minimize those risks. Those recommendations can be implemented one at a time or all at once, in part or in whole, or ignored completely. It’s up to you.

However you decide to utilize the findings of the MAP/SCS assessment, you’ll know where potential security gaps exist and how to guard against them. It’s peace of mind that’s well worth the investment.

