| TERM | DESCRIPTION |
| ` | Member QIFCFGxx of SQIFPARM. This is a JSON representation of
the IronSphere configuration. The Global Block is loaded into ECSA at IPL time (or first run of job QIFLOADR. There are Two copies maintained in storage, each of 16K, an active copy and an inactive. Each run of job QIFLOADR loads a new copy into the inactive area and points to the new active. This way checks can access a storage copy of the configuration without performing any IO. |
| Control panel | This is a menu application used to configure and monitor the
IronSphere virtual appliance (also called "IronSphere Server"). The
menu only allows certain controlled functions and blocks access to the server
operating system and running components such as database server, application
server, protocols and so on. |
| Diagnostic Routine | IronSphere transform the STIG validation instructions into a programmed process. Each STIG document is coded as a Compiled Rexx program. The diagnostic routine performs several steps starting with dynamic discovery of the related components (STCs, Files, Etc.), CSM and transmission. The CSM and behavior of the diagnostic routines are effected by parameters from the global block. |
| CSM | Control Setting management (or CSM in short), is a process to compare security control's actual setting with a required one. This is a basic idea with DISA STIG framework: define the security control and their required settings. |
| Dynamic Discovery | IronSphere diagnose thousands of z/os security controls.
Traditional assessment products scan the system(s) (Static Discovery) once in
a while to collect information about system and ESM configuration. This
process is CPU bound and run on each monitored Lpar separately. The static
discovery process collects a lot of information which is irrelevant to STIG
compliance and creates overhead. IronSphere perform a dynamic discovery limited to the resources related to the check. these resources can be STC names, DSNAMES, etc. IronSphere does not require pre-definition of the resources and is able to discover them at run time. |
| Trigger Monitor | IronSphere schedule active diagnostic routines based on the value of the INTERVAL directive. It value is specified at a single check level. To perform in full ISCM mode, IronSphere subsystem monitors changes to defined security controls. This facility oi called Trigger Monitor. using system exits such as MPF and ENF, it listen to changes to system configuration. Once detected and matched the Monitor rules, the related checks are triggered. |
| ISCM | ISCM stands for Information Security Continuous Monitoring. This is a concept defined by NIST in order to monitor security all time, in order to provide real-time visibility into risks, vulnerabilities an attack surface. |