Powertech Compliance Monitor for IBM i Overview
Powertech Compliance Monitor for IBM i is the modern answer to centralized security and compliance reporting for all IBM i organizations.
Powertech Compliance Monitor for IBM i provides instant access to hundreds of predefined reports which can be used as-is, or customized to reflect each organization’s unique requirements. Powerful scheduling and distribution features permit assessment requests to be run during off-hours and delivered to the interested parties via secure email, or placed on the Integrated File System.
Consolidated reporting enables users to access information across dozens of partitions just as quickly and easily as they can for one. This feature provides the capability to compare multiple servers in a single dashboard view, including comparison of system values against a customizable baseline policy. The thumbnail seen on the lower right hand side of this slide is an example of a report showing only system values that are non-compliant. Color coding is assigned based on the criticality of the system value according to the policy. Regardless of the number of servers I report on, I’m instantly focused on the servers that contain non-compliant system values.
Other features within the product include a guide on how your server should be configured, the ability to generate visual scorecards to quickly assess the compliance of critical areas of server configuration, and a log consolidation feature that allows vast amounts of audit journal data to be harvested from multiple servers and stored centrally with upwards of 90% compression.
Regardless of whether you are required to comply with a formal regulatory or legislative mandate, Powertech Compliance Monitor for IBM i is the solution that you and your auditors have been dreaming about!
Consolidator
Store and consolidate audit data on a central system.
Much of the power of Powertech Compliance Monitor for IBM i comes from its unique tiered architecture. This design enables Powertech Compliance Monitor for IBM i to scale infinitely from businesses that operate on a single server with one partition, all the way up to large Global enterprises who may well be running on multiple physical servers, each with many partitions. Authorized users of the product leverage a modern browser-based interface to orchestrate audit reporting for the entire IBM i enterprise without concern for network complexity and without needing individual profile access to any of them.
The Powertech Compliance Monitor for IBM i infrastructure consists of two agents: a Consolidator that accepts and handles all of the report requests from the user, and an Endpoint agent that responds to the Consolidator's requests for information. This way, all Endpoint communication complexity is transparent to the end user.
Instead of struggling to generate numerous spooled files on multiple systems, and somehow exporting and combining them in Excel to perform a manual analysis, audit staff can focus their full attention on interrogating the delivered information.
Although the image might suggest it, the Consolidator agent does not require a dedicated partition. Many customers load both agents together to allow the Consolidator partition to be reported on as well. This is how we are able to scale the solution down to include single servers running with one partition.
See Consolidator Options.
Groups
Select systems combined into virtual “groups.”
Once the Endpoint servers are defined to the Consolidator - which entails simply entering the IP address or name of the server - they can be reported on. We also allow you to create virtual groups and drag and drop servers so that you can run reports against an entire business unit or even an entire continent, just as easily as you do against a single server.
Of course, single or multiple selections can be made using Ctrl-click.
Powertech Compliance Monitor for IBM i's highly scalable architecture makes light work of your audit reporting requirements, regardless of whether there are one or one thousand servers.
See Report Groups tab.
Report Categories
Choose from report categories that include common regulatory mandates.
We support report categories as a way to organize reports. Categories are shipped for help with common regulatory mandates, and you can also create custom categories, to store and generate reports quickly and efficiently. Customers often create categories for specific audit initiatives.
With one single selection, you can run any number of reports against any number of servers.
Powertech Compliance Monitor for IBM i ships ready to satisfy all standard audit report requirements. Advanced customers appreciate the ability to customize reports with different columns, sort orders, and data filters.
See Reports.
Automation
Schedule assessments to run on a regular basis and distribute the reports to a recipient or a group.
Requesting reports can be done directly through the interface, or can be scheduled to run behind the scenes. We’ve built a scheduler right into the product, or we can interface with any third-party IBM i scheduler.
The batch schedule defines which servers to include and which reports we wish to generate. This way, we technically require zero human intervention to generate full compliance reports.
Viewer
View necessary data easily.
Once a report is complete, the data can be viewed through Powertech Compliance Monitor for IBM i’s own interactive viewer which allows for on-the-fly control of what data you see and how it’s presented.
Export
Print reports in Adobe® Portable Document Format (PDF), or export them as Comma Separated Value (CSV) or Excel files.
If you decide to send the report data to another application, we let you do it on the fly, and we support several popular formats, including .pdf.
See Export Data Tab.
Alternatively, you can have the system generate the reports and send them out via email attachments. Of course, we allow you to specify that the attachments are to be AES encrypted. The email is based upon a customizable template, but indicates the number of rows in each of the reports. You can specify a limit on attachment sizes in case you have mobile users, and exceeding this limit will cause Powertech Compliance Monitor for IBM i to send a custom hyperlink to the reports instead.
To verify that a report has not been tampered with, support is also included for signing the documents with a digital signature.
Customization
Create customized reports—select columns; order, sort, and filter data—to see exactly the information you need.
The standard reports have been designed by security experts. They work straight out of the box to save reinventing the wheel. Advanced customers can customize them to designate the desired columns, the order of columns, and the sort order of the data. Customizations can be saved to a new report so that you only have to customize them once.
Some reports contain valuable information, including an “effective” authority for each of the 8 special authorities. This allows the reviewer to rapidly determine if a profile is inheriting privileges from a group profile. This information is tricky to retrieve from the operating system, and a breeze in Powertech Compliance Monitor for IBM i.
Filters
Filter specific data, such as a company's list of approved users.
Part of the customization process is handled via a powerful filter editor. Powertech has pre-defined dozens of context sensitive filters but we know that every customer needs to be able to create new filters. Copy an existing filter definition and modify it, or create a brand new filter from scratch. Filters are available to any Powertech Compliance Monitor for IBM i user, saving time and preventing duplication of efforts.
The system values report can check the current configuration against a customizable baseline and report on non-compliance. You can take the Powertech policy and use it as-is, or make it entirely your own. Powertech Compliance Monitor for IBM i can handle multiple policies so geographic variations and different server roles can easily be accommodated.
If you wish to sequester compliant items, simply apply a filter and you are instantly presented with the items that need attention. The remaining non-compliant items are color coded based on the criticality of the value as specified in the applied policy.
See Filters Tab.
Consolidation
Interrogate multiple servers in a single report.
All of the reports can be run against multiple servers at once to provide insight into the configuration of all the systems. This can be done without having to individually run the same report for each system. Of course, that also means that we also get the benefit of being able to filter and export data from many systems at once.
Scorecards
Use Scorecard reports to see how Endpoints compare to a user profile or system value policy. Customize reports and include an overall score, with colored indicators to help administrators and auditors track progress.
Sometimes we might not want to get bogged down in the details. Scorecards allow the system to be assessed and a summary report presented. An overall compliance rating is supplied, and can be based on the shipped policy or a custom security policy. Scorecards are intended to provide an executive-level view of the system configuration, although vulnerabilities can then be interrogated to find out exactly what is happening.
Graphical scorecards efficiently indicate the state of compliance. If the scorecard summary indicates “all clear,” there is no necessity to spend time investigating the granular details.
See Profile Scorecard.
More Powertech Compliance Monitor for IBM i Features
- Display times for Endpoints in different time zones, adjusted to the local time.
- Compare audit results for the same Endpoint system with historical data collections to track compliance status over time.
- Control access to Assessments, Endpoint systems, custom reports, filters, and other items.
- Collect transaction log data from multiple systems. System audit journal (QAUDJRN) data is compressed and stored on the Consolidator system for reporting.
- Collect audit journal data from Endpoint systems regularly and combine it with audit data from other systems and other Powertech products, including Exit Point Manager and Authority Broker.
- Highlight exceptions to the recommended Powertech policy on grid reports.
- Define, customize, and edit custom security policies, modify Powertech Compliance Monitor for IBM i's base security policy, and assign custom policies to your Endpoints.
- Export and import report definitions (and their filters), Scorecard definitions, and policies, across Consolidators.
- Export and import your system values policy across Consolidators.
Reports
Powertech Compliance Monitor for IBM i offers administrators or auditors many reporting options. You can select from predefined reports or create your own customized reports. Predefined reports are designed by compliance specialists to make it easy to retrieve and organize relevant audit information.
Powertech Compliance Monitor for IBM i reports are grouped into the following categories. Each category includes multiple reports that collect the different types of data (log file, network, system, object, and user) for a system.
- Log File
- Network Reports
- Object Reports
- System Reports
- User Reports
- Powertech Authority Broker
- Powertech Exit Point Manager
- Gaming (MICS) Reports
- GDPR Configuration
- GDPR OS Events
- GDPR Powertech Events
- NIST Configuration
- NIST Events
- PCI Configuration
- PCI Log File
- Sarbanes-Oxley Configuration
- Sarbanes-Oxley Log File
Powertech Compliance Monitor for IBM i also offers the ability to produce customized reports.
See Report Groups Tab.