Not sure if this forum is the appropriate place to ask this question, so please
advise.
We have been requested by the Centers for Medicare and Medicaid, as a part of
our mainframe compliance program (using NIST and DISA STIGs) , to use the
national vulnerability database http://web.nvd.nist.gov
Take a look at
http://www-03.ibm.com/systems/z/advantages/security/integrity_sub.html
This page sets forth the current process for providing a System z
customer and/or its authorized representative with access to
security/integrity information for System z (currently z/OS and z/VM),
including
il address.
--
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On
Behalf Of Mark Jacobs
Sent: Tuesday, May 08, 2012 11:28 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: [IBM-MAIN] National Vulnerability Database (NVD) Search for
Just searching the NVD with the argument 'z/OS' yields 20 or 21
vulnerabilities, almost all of which appear to have already been
addressed/remedied in current releases of the components involved and
some of which are quite old.
You should of course check the fix levels for these vulnerabilities
ag
why not ask CA?
From: "Pascoe, Raymond M"
To: IBM-MAIN@bama.ua.edu
Sent: Tuesday, May 8, 2012 11:06 AM
Subject: Re: National Vulnerability Database (NVD) Search for Mainframe
Vulnerabilities
Not sure if this forum is the appropriate place t
What does CA have to do with the NVD?
:>: -Original Message-
:>: From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On
:>: Behalf Of Cris Hernandez #9
:>: Sent: Tuesday, May 08, 2012 1:29 PM
:>: To: IBM-MAIN@bama.ua.edu
:>: Subject: Re: National Vulnerabi
-MAIN@bama.ua.edu,
Date: 05/08/2012 05:34 PM
Subject:Re: National Vulnerability Database (NVD) Search for Mainframe
Vulnerabilities
Sent by:IBM Mainframe Discussion List
What does CA have to do with the NVD?
:>: -Original Message-
:>: From: IBM Mai
On 8 May 2012 11:06, Pascoe, Raymond M wrote:
> Not sure if this forum is the appropriate place to ask this question, so
> please advise.
It's a fine place to ask.
> We have been requested by the Centers for Medicare and Medicaid, as a part of
> our mainframe compliance program (using NIST and
On Tue, 8 May 2012 18:31:56 -0400, Tony Harminc wrote:
>One can learn quite a bit from these published documents, not least
>lists of fixes that must be applied in order to pass the claimed
>security specifications, from which one might reasonably infer that
>the fixes are for software vulnerabil
Tony Harminc has made explicit a point that I made much too obliquely.
The chief uses of the NVD and that ilk is to ensure that the
operational software one has in current use includes fixes for the
vulnerabilities listed.
Note also that for the search argument 'z/OS' NVD output does include
at l
On 8 May 2012 18:57, Walt Farrell wrote:
> On Tue, 8 May 2012 18:31:56 -0400, Tony Harminc wrote:
>
>>One can learn quite a bit from these published documents, not least
>>lists of fixes that must be applied in order to pass the claimed
>>security specifications, from which one might reasonably i
Database (NVD) Search for Mainframe
Vulnerabilities
Not sure if this forum is the appropriate place to ask this question, so please
advise.
We have been requested by the Centers for Medicare and Medicaid, as a part of
our mainframe compliance program (using NIST and DISA STIGs) , to use the
12 matches
Mail list logo