Skip to main content
MainTegrity Cyber Security Framework (CSF)
MainTegrity Cyber Security Framework (CSF)
End-to-End Cyber Security for IBM z/OS

​Cyber Security Framework (CSF) 

The MainTegrity CSF suite is comprised of 4 add-on modules that layer on top the CSF Foundation

Enabling all 4 modules provides a giant leap towards the worlds most most secure mainframe security environment.  

Real-World Consequences
  • Anthem Health (2015): ~$1 billion total cost over 10 years
  • United Healthcare (2024): $3 billion write-down, 9 days offline
  • Equifax: Weeks to determine what was affected
More on Breach Costs

Why CSF?

Mainframe environments store the world's most critical data—financial transactions, healthcare records, government systems. Traditional security tools like RACF, ACF2, and Top Secret build strong walls, but attackers have become smarter at stealing credentials, exploiting trusted network connections, and moving laterally from compromised devices into the mainframe.

The attack vector has changed. Direct mainframe attacks are rare. Attacks through compromised trusted network nodes are increasingly common. CSF provides the protection modern threats demand.

Compliance & Standards

CSF enhances compliance with:

  • PCI DSS — Controls 10.5 and 11.5 (FIM required)
  • NIST CSF — Detect, Respond, Recover functions
  • DORA — ICT risk management, operational resilience, third-party risk
  • Zero Trust — Continuous verification of system integrity
  • ISO 27001, HIPAA, SOX, GDPR — Audit trails, change management, data protection
More on Compliance
Integration

CSF integrates with enterprise tools including:

  • ServiceNow, BMC Helix/Remedy
  • Splunk, QRadar, Sumo Logic, ArcSight
  • IBM TZ and other mainframe security tools
  • Real-time bi-directional connections enable alerts to flow to your SOC while CSF handles automated response.

What functionality does
CSF Foundation include?

Real-time Reaction

  • Real-time Alerts — Immediate notification when threats are detected
  • Immediate Damage Control — Stop attacks as they happen, not after
  • Suspend / Resume Offending Tasks — Freeze malicious activity while business continues

Human Interface

  • Web-based UI for Easy Investigation — Browser-based forensics accessible to any skill level
  • 1-Click to Invoke from Alert — Jump directly from alert email into investigation
  • Human Response at Machine Speed — Automated suspension gives your team time to decide

Whitelisting

  • Learns About Approved Workload / Activity — Understands your normal operations
  • Avoids False Positives — Alerts only fire for genuinely suspicious activity
  • No Interruption to Production Work — Legitimate jobs run unimpeded

Restore Assist

  • Supports IBM SGC & Dell, HV Snapshots — Integrates with SafeGuarded Copy, Dell SnapVX/ZDP, and Hitachi snapshots, plus conventional backups (DFDSS, FDR, HSM)
  • Client-Specific Recovery Guidance — Recommendations based on your environment
  • Automated System Recovery — Generates JCL to restore affected datasets

CSF suite add-on modules

FIM+ 
(File Integrity Monitoring)

Monitors critical system files for unauthorized changes
  • Detect Malware/Ransomware insertion
  • Alert on unapproved updates
  • Remove Ransomware & Verify
Read More

Early Warning

Catches attackers during reconnaissance and exploit attempts
  • Detect z/OS Authority / Security tampering
  • Prevent UserID Impersonation
  • Stop Rogue Encryption in seconds
  • Alert on suspicious User Behavior
Read More

NetWatch

Monitors network connections to prevent data theft
  • Discover z/OS network topology
  • Identify, halt, malicious data transfers
  • Detect unknown IP addresses
  • Report threshold behavior issues
Read More

Supply Chain

Validates vendor software before installation
  • Informed release control / approvals
  • Enable separation of duties – issue resolution
  • Lock changes prior to approval
  • Verify that change deployment was correct
Read More