CorreLog, Inc. Announces File Integrity Monitoring (FIM) System for IBM z/OS Mainframes for Improved System Integrity, While Addressing PCI DSS’s Requirement 10.5

Share Article

CorreLog’s Mainframe FIM, or M-FIM, function brings deeper analysis and tracking of mainframe system integrity to improve protection against insider threat and provide real-time notifications to distributed Security Information & Event Management (SIEM) systems.

News Image
With mainframe being such a strategic investment for banking, finance, insurance and medical fields, creating M-FIM for z/OS was a natural progression for the CorreLog SIEM Agent.

CorreLog, the leader in multi-platform IT security event log management, today announced a File Integrity Monitoring (FIM) offering for mainframe is now available in its latest release of CorreLog SIEM Agent for IBM z/OS, version 5.5.3. The new mainframe FIM, or M-FIM functionality in SIEM Agent also addresses the latest Payment Card Industry Data Security Standard (PCI DSS) requirement 10.5.5 for tighter controls in the handling of credit cardholder data on mainframes.

PCI DSS requirement 10.5.5 states organizations must “use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts.” CorreLog’s SIEM Agent with M-FIM is able to track user access to critical system files, such as SYS1.PARMLIB or the PARMLIB concatenation, through:

  • Up-to-the-second database activity monitoring (DAM) and tracking other security event messages from RACF, ACF2, Top Secret, and DB2 accesses.
  • Real-time security alerts exported from the z/OS LPAR where installed to the Windows or UNIX SIEM system. CorreLog SIEM Agent with M-FIM also has certified integrations to IBM® QRadar® Security, HP ArcSight, RSA Security Analytics (EMC), and McAfee DAM, along with field integrations with all brand-name SIEM systems.
  • Allowing security administrators using Windows and/or UNIX SIEM systems to see real-time z/OS security event messages in their security consoles.
  • Users without access to the corporate SIEM can view alerts and messages via the CorreLog Visualizer™, a self-contained SIEM for z/OS mainframes.

In addition to addressing this and other PCI DSS requirements, CorreLog’s SIEM Agent with M-FIM also provides security auditing for other industry and government standards such as HIPAA, Sarbanes-Oxley, IRS. Pub 1075, FISMA, NERC and others.

“FIM has long been an integral component of anti-malware initiatives designed to mitigate risk to cardholder data and this is where PCI DSS is coming from with requirement 10.5.5,” said CorreLog CEO and President George Faucher. “But good FIM, change management and DAM practices also provide a means for managing system integrity and tracking insider threat. With mainframe being such a strategic investment for banking, finance, insurance and medical fields, creating M-FIM for z/OS was a natural progression for the CorreLog SIEM Agent.”

The base functions of a SIEM system center around user log management and event notifications that alert security personnel of suspicious activity that might indicate a cyber threat. Effective perimeter defense calls for more than SIEM alone. Other tools such as FIM and/or M-FIM, Data Loss Prevention (DLP), identity management, etc. are needed to ensure all avenues of intrusion are watched and acted upon in real time. CorreLog provides mainframe SIEM and complementary functions via the SIEM Agent to manage FIM and DLP across mainframe environments. For more information on CorreLog SIEM Agent with M-FIM and DLP capability, please visit

About CorreLog:

CorreLog, Inc. is the leading ISV for cross-platform IT security log management and event log correlation. Our solutions provide best-in-class, real-time event log collection across both distributed and mainframe systems. Event logs generated from CorreLog Agents are ready-format for the Windows-/UNIX-based CorreLog SIEM (Security Information & Event Management) Correlation Server or any SIEM correlation engine. The core products in the CorreLog solution suite are:

CorreLog SIEM Agent for IBM z/OS™

CorreLog Visualizer for IBM z/OS™

CorreLog SIEM Correlation Server™

SIEM Agent for IBM z/OS resides in a mainframe LPAR, or multiple LPARs, and in real time, converts mainframe security events such as RACF, ACF2, Top Secret and DB2 accesses to distributed syslog format for enterprise SIEM systems. In addition to mainframe SIEM functions, SIEM Agent includes functionality for File Integrity Monitoring (FIM) and Data Loss Prevention (DLP). For enterprises that need extended mainframe visibility for users that don’t have access to their SIEM, CorreLog offers Visualizer for z/OS which delivers live mainframe security dashboards through any standard web browser.

The CorreLog SIEM Correlation Server delivers enterprise log management with a best-in-class event correlation engine. CorreLog SIEM Server operates across Windows, UNIX, and Linux platforms and helps identify anomalous behavior and security policy violations by collecting and correlating user activity logs and various system event data. Each of these CorreLog solutions has been designed to adhere to standards set forth by PCI DSS, HIPAA, IRS Pub. 1075, SOX, GLBA, FISMA, NERC and many other regulatory standards. For more information on CorreLog products, please visit

Copyright © 2015, CorreLog, Inc. All rights reserved.
All trademarks and registered trademarks used herein are the properties of their respective owners.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Tony Perri
CorreLog, Inc.
+1 (877) 267-7356 Ext: 422
Email >
Visit website