Scorecards

A Scorecard is a summary of your security configuration. It contains summarized data (counts, averages, and so on), and an overall rating of compliance based on security best practices. Scorecards allow you to quickly assess the security status of your servers, identify potential risks, and help you plan an approach to improving security.

What does a Scorecard rate?

A Scorecard compares an Endpoint system against a collection of security standards—those of your organization's security policy, or Powertech's recommendations. Powertech has extensive experience in the IBM i security industry, and audits hundreds of systems annually. (The results of these audits are published each year in Powertech's State of IBM i Security study.) Powertech Compliance Monitor for IBM i's included Scorecards represent an industry-recognized definition of best security practices for IBM i.

Powertech Compliance Monitor for IBM i offers two categories of Scorecards:

  • Profile Scorecard

    • A Profile Scorecard rates user profiles on your system based on the point and severity settings in your security policy.

  • System Values Scorecard

    • A System Values Scorecard rates how your system values compare to Powertech’s recommended compliance policy. A System Values Scorecard lists all security-related system values that apply to the configuration of the security audit journal (QAUDJRN).

Scorecards are available to assess systems based on your security policy, Powertech's recommendations, or for specific regulatory standards, such as PCI.

When you run a Scorecard report, Powertech Compliance Monitor for IBM i compares user ID configurations and system values (environment variables) against best practices. Powertech Compliance Monitor for IBM i compiles the results of these ratings and displays them in a PDF with Adobe Acrobat (in a separate window). You can save a copy of the scorecard as a PDF file to your computer.

The Scorecards display each item evaluated with a red X if doesn't comply with your security policy, or a green check mark if it does.

You can also define your own customized scorecards that isolate specific security information based on your individual needs. See Customized Scorecards"Customized Scorecards" in the Powertech Compliance Monitor for IBM i for IBM i User Guide for information on creating custom scorecards.