SPARTA News

March 2023

SPARTA President’s Corner

contributed by Randy Springs

This month, we will again be holding our SPARTA meetings via Zoom format. With the removal of mask mandates in NC, we can consider going back to our in-person meetings if we can find an appropriate venue. Let us know if you have any suggestions for a meeting location.

For our March meeting, join us for a presentation from an exciting speaker, who will discuss issues about your mainframe environment. Invite your fellow systems programmers to join us for networking and information.

Please join your colleagues online at 7 p.m. on Tuesday, March 7, on Zoom. Watch for speaker details and meeting connection information coming your way soon.

Randy Springs
Retired (Truist)

Future Speakers (subject to change)

March 7, 2023 - TBA

April 4, 2023 - SHARE 2023 Atlanta by Ed Webb

We need ideas and volunteers for future speakers. Presentations don’t have to be fancy, just informative and interesting. Even a 5 or 10 minute talk can start an interesting interaction. Contact Ron Pimblett by phone as noted below.

2022-2023 SPARTA

Board of Directors

Randy Springs - President

Retired (Truist)                  (919) nnn-nnnn

street

Raleigh, NC 27604

Ron Pimblett - Vice President

MDI Data Systems

Land line 613 599 6970

Mobile 613 981 6919

190 Guelph Private

Kanata, ON K2T 0J7

Chris Blackshire - Secretary

Retired (Dell, Perot Systems, Nortel)  (919) nnn-nnnn

street

Durham, NC 27713

Randy Springs - (Acting) Treasurer

Retired (Truist)                  (919) nnn-nnnn

see Randy

Springs earlier

Ed Webb -  Communications Director

Retired (SAS Institute Inc.)  (919) nnn-nnnn

street

Apex, NC 27523

Mike Lockey -  Web Master

Guilford Co. Information Services  336-641-6235

201 N. Eugene St.

Greensboro, NC 27401

Meetings

Coronavirus Change: All meetings for the foreseeable future will be held online at 7 p.m. via the Zoom App. The link to meeting is sent to SPARTA Mailing list within 24 hours of the meeting time for security reasons. Stay safe.

Meetings are scheduled for the first Tuesday evening of each month (except no meeting in January), with optional dinner at 6:15 p.m. and the meeting beginning at 7:00 p.m.

These monthly meetings usually are held at LabCorp’s Center for Molecular Biology and Pathology (CMBP) near the Research Triangle Park (see last page). Take I-40 to Miami Boulevard and go north. Turn right onto T.W. Alexander Drive. Go about a mile or so. Then turn right into LabCorp complex and turn Left to the CMBP Building (1912 T.W. Alexander Drive). In the lobby, sign in as a visitor to see Bill Johnson. Bill will escort you to the conference room.

Call for Articles

If you have any ideas for speakers, presentations, newsletter articles, or are interested in taking part in a presentation, PLEASE contact one of the Board of Directors with your suggestions.

Newsletter e-Mailings

The SPARTA policy is to e-mail a monthly notice to our SPARTA-RTP Group. The newsletter is posted to the website about five (5) days before each meeting so you can prepare. The SPARTA distribution List is maintained by Chris Blackshire; if you have corrections or problems receiving your meeting notice, contact Chris at chrisbl@nc.rr.com.

August 2022 “CBT Tape” Shareware Online

The directory and files from the latest CBT tape V504 (dated August 16, 2022) are available from www.cbttape.org.

If you need help obtaining one or more files, contact Ed Webb (see Board of Director’s list for contact info).

Minutes of the February 7, 2023 Meeting

• The meeting was called to order at 7:05 PM by Randy Springs, the SPARTA President.

• This Thirty-first (April 2020 to February 2023) virtual SPARTA meeting was held via the Zoom Software.

• Thirteen (13) people were present at the virtual meeting.

• The business portion of the meeting followed the presentation.

• For the Roundtable, everyone introduced themselves, told where they worked, talked about working from home, and briefly described their job functions and what they've been doing at work and home.

OLD BUSINESS

• The minutes of the December 5, 2022 meeting as published in the February 2023 Newsletter were approved.

• The January 31, 2023 Treasurer's report (there was No Activity in December) as published in the February 2023 Newsletter was approved. As of January 31, 2023, the current balance was $994.51.

• Call For Articles: Articles are needed for this newsletter. If you would like to write an article for this newsletter, please contact Ed Webb. Keep in mind that you don't really need to write the article, it can be an article that you read that you would like to share with the membership.

• The SPARTA Web page is available at this site: http://www.spartanc.org. Please send any comments or suggestions about the Web page to Mike Lockey. Be sure to check the Web page every once in a while to see any new or changed information.

• 2023 meeting dates, Future Speakers and Topics (subject to change based on internal politics, budget, the weather):

If you have suggestions about speakers and topics, contact Ron Pimblett.

• The next SPARTA monthly meeting will be held virtually on Tuesday, March 7, 2023.

• The annual dues have been suspended (motion passed in the March 2021 monthly meeting).

• Thanks to Randy Springs for online hosting the February 7 meeting via Zoom.

• There are currently 100 people on the SPARTA e-mail distribution list.

• Send any e-mail address changes to Chris Blackshire so he can update the SPARTA distribution List. The SPARTA meeting notices are being sent via a simple distribution list maintained by Chris.

• Randy Springs is looking for a new Treasurer volunteer. He projects about 2 hours per month is needed.
- Contact Randy Springs if you are interested.

• Randy Springs has setup a SPARTA group on LinkedIn. Please join.

• There was discussion about a possible 2023 in person meeting, depending on vaccinations and room availability. Stay tuned.
- LabCorp Future Meeting Place: No update from Bill Johnson.

NEW BUSINESS

• We will continue meeting virtually for now with a future in-person meeting date TBD. Stay tuned.
• Randy will contact Bill Johnson to determine the LabCorp meeting place status.
• The Business portion of the meeting and the meeting itself ended about 8:30 P.M.

• The Presentation started at 7:25 PM.

• Presentation Topic: A Practical Approach to Zero Trust Architecture [ZTA]

By Glennon Bagsby of NewEra Software
Assisted by Jerry Seefeldt of NewEra Software

Answering the requirements of NIST SP 800-27, EU Commissions statement 22 March 2022, and the UK’s NCSC 21 July 2021

ABSTRACT: Forrester Research has said “Zero Trust is becoming the security model of choice for enterprises and governments alike.” If your CIO or CISO asked you to develop a ZTA plan for your mainframe, would you know where to start?

• Agenda
• Why is ZTA Important? What is ZTA?
• Zero Trust Architecture [ZTA]
• How to get started establishing a ZTA for IBM z/OS Systems
• An example of an actual exercise to create a ZTA for z/OS critical datasets
• A demonstration of The Control Editor (TCE)

The online presentation ended at about 8:20 PM.

• Presentation Access - See Below for a full outline of the presentation.

See the SPARTA webpage for all recent presentations including this one.

• Contact Info:
Speaker: Glennon Bagsby
NewEra Software, Inc.
8070 Santa Teresa Boulevard, Suite 240
Gilroy, CA 95020, USA
Email: ghb@newera.com
Toll free: (800) 421-5035 or 1-408-520-7100
Support: support@newera.com

Assist: Jerry Seefeldt
Director of Strategic Partnerships
NewEra Software, Inc.
IBM Poughkeepsie, New York USA
Email: jms@newera.com
Phone: 1-408-520-7100 x740

• The February 7, 2023 monthly meeting ended about 8:30 P.M.

Treasurer’s Report for February 2023

contributed by Randy Springs

The balance in the account is $994.51 as of February 28, 2023.

SPARTA Financial Report
02/01/2023 through 02/28/2023

Items of Interest

SPARTA Schedule and Menu for 2023

contributed by Chris Blackshire

Mar 7, 2023 - Subs
Apr 4, 2023 - BarBQ
May 2, 2023 - Pizza
June 6, 2023 - Chicken
July 11, 2023 - Subs (July 4 holiday falls on the first Tuesday meeting date)
Aug 1, 2023 - BarBQ
Sept 12, 2023 - Pizza (Labor Day holiday is Monday Sept 4)
Oct 3, 2023 - Chicken
Nov 7, 2023 - Subs
Dec 5, 2023 - BarBQ

Access SHARE Atlanta Wherever You Are With the Virtual Access Pass!

contributed By Ed Webb

"Nothing beats the experience of attending SHARE events in person, but if you're unable to make the trip, you can still join us virtually with the SHARE Atlanta Virtual Access Pass for just $599. No matter where you are, you and your team can access the latest education on new technology trends and capabilities.


 The Virtual Access Pass allows you to live-stream select technical sessions and have access to the accompanying recordings until June 1, 2023 for on-demand viewing.


 To see the sessions included in the Virtual Access Pass, visit the Technical Agenda and use the filter option in the corner and select "live-stream." "

IBM z/OS Version 3.1 and IBM zSecure Suite Announced

contributed By Ed Webb

On Tuesday February 28, 2023, IBM announced the next release of z/OS to be called V3.1 and a companion product, IBM zSecure Suite for zNext. z/OS 3.1 is available in late September 2023. zSecure is more of a Statement of Direction.

My quick review did not reveal any major new offerings; much of the announcement seemed to be updates that are available for z/OS 2.5 via SPE PTFs. I'll let you know more after SHARE this week.

"IBM® z/OS® 3.1 marks a new era in operating system intelligence. The new version of z/OS is planned to provide a framework for infusing AI throughout the system, enabling intelligent systems administration guidance and automation that learns and improves. With z/OS 3.1 as the foundation of a hybrid cloud strategy, enterprises can deploy and co-locate Linux®-based applications together with core business workloads and enjoy the unique value propositions of both environments. Built on over 50 years of continuous innovation, research, and development, z/OS is the core computing platform for the world's top financial institutions, insurers, retailers, utilities, governments and more. Designed for high availability with quantum-safe technologies, the new z/OS 3.1 will be a resilient platform for the future of industry's most critical workloads."

Read this complete announcement of z/OS 3.1.

Read the zSecure announcement here.

Your Most Important Asset in Support of Platform Portability

Contributed by Ed Webb

"We'll cut to the chase for those of you that would just prefer to skip to the conclusion. If your organization already uses Db2 for z/OS with Parallel Sysplex and Data Sharing, consider using it as a central resilient, available, and secure data service for your cloud-based applications. Db2 along with Data Sharing will support your cloud application's data service needs without all the application complexity and data-consistency uncertainty associated with cloud data services. Keep the mainframe as an integral part of your application infrastructure to ensure data consistency across cloud infrastructure. Now that you read the conclusion, read on to find out why this is can be so critical to your business.
An often-overlooked potential use of the mainframe as a centralized data server is its ability to support application platform portability. ...."

Read this article from Enterprise Executive: 2023 Issue 1 for a detailed description of the role of the mainframe in your cloud applications, now and in the future.

Humor

Wit and Wisdom continued

contributed by Ed Webb

The worst part of having success is trying to find someone who is happy for you.
To err is human—to refrain from laughing is humane.
The difference between reality and fiction is that fiction has to make sense.

Membership Information

Don’t Forget the Next SPARTA Meeting

Tuesday, March 7, 2023

7 p.m.

Location: Online

Information about access to our online meeting will be sent to our e-mail list by Tuesday, March 7.

Free Food before meeting: Your Food at Your Home

Program:

To Be Announced

Speaker:

xxxx of yyyyy company

SPARTA Corporate Sponsors:

February 2023 Presentation outline

• Presentation Topic: A Practical Approach to Zero Trust Architecture [ZTA]

By Glennon Bagsby of NewEra Software
Assisted by Jerry Seefeldt of NewEra Software

Answering the requirements of NIST SP 800-27, EU Commissions statement 22 March 2022, and the UK’s NCSC 21 July 2021

ABSTRACT: Forrester Research has said “Zero Trust is becoming the security model of choice for enterprises and governments alike.” If your CIO or CISO asked you to develop a ZTA plan for your mainframe, would you know where to start?

• Agenda
• Why is ZTA Important? What is ZTA?
• Zero Trust Architecture [ZTA]
• How to get started establishing a ZTA for IBM z/OS Systems
• An example of an actual exercise to create a ZTA for z/OS critical datasets
• A demonstration of The Control Editor (TCE)

• NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
- “Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.
- A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows.
- Zero trust “assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned).”
- - NIST SP 800-207
- - “Zero Trust Architecture”
- - August, 2020

• FORRESTER RESEARCH
- “Zero Trust is becoming the security model of choice for enterprises and governments alike. However, security leaders often don't know where to begin to implement it, or they feel daunted by the fundamental shifts in strategy and architecture Zero Trust demands.
- However, Zero Trust does not require that you rip out all your current security controls to start fresh, and with the right approach you can realize benefits right away.”
- - Forrester Research, Inc., report RES157736

• WHAT ARE ZERO TRUST AND A ZTA?
- Formal Definitions (from NIST SP 800-207)
- Zero trust (ZT) provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.
- Zero trust architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies.

• MY DEFINITION
- A major de-emphasis on perimeter security.
- A terminal or a user is not trusted simply because he or she is inside the firewall or similar.
- - This is sometimes called “an assumed breach.”
- Protections of internal access just like external protections.
- A de-emphasis on trusted devices and trusted people.
- All security is transaction by transaction, or at least in some small window in time.
- Security is granular, it is not all or nothing.
- It is not that Bob is “trusted” – it is that he is authorized (or not) to do some particular transaction.
- This is sometimes called “least privilege.”
As you can see, a whole lot less trust ...

• WHO WANTS TO TELL THEM WE DON’T TRUST THEM ANYMORE?

• THE GOAL FOR A ZTA IS TO RESOLVE 2 WEAKNESSES
- First: Perimeter security is not enough
- - A ZTA should be designed to protect the important resources INSIDE the perimeter.
- - An Extra form of protection is needed once a user has gained access by ANY means.
- - Think of how you protect items in your life and home.
- Second: USERs are Overprivileged
- - Example;
- - - John is new to System support Group. His responsibility to review and update the message suppression configuration. He will need access to the AO product and to the MPFLST00 member in PARMLIB. Since that member is in the PARMLIB dataset, he needs RACF granted access to the dataset. This would include ALL the members.
- - John is Overprivileged.
- - - A ZTA must provide a method for John to do his job, and also protect access to the other members by John.

• LOGICAL COMPONENTS OF ZTA
- Policy Decision Point (PDP)
- - An organizational entity that orders the implementation, continuous review and the auditing of system controls.
- Policy Enforcement Point (PEP)
- - System entities that make ZTA authorization decisions for themselves or other system entities that request such services.
- Extending the controls of: RACF, ACF2 and Top Secret-SAF
- Diagram not copied

• WOULD YOU KNOW WHERE TO START?
- Pick a Target Step 1
- - APFLIST
- - LINKLIST
- - LPALIST
- - TCP/IP configuration files
- - PARMLIB
- - PROCLIB
- Pick a Target Step 2
- - Take Inventory
- - - Evaluate the Importance of the Resources
- Pick a Target Step 3
- - The APF LIST example has a variety of DATASETS;
- - - 20 different HLQs Almost 200 datasets
- - - - 13 start with SYS1
- - - - 5 start with TCPIP
- - How do you understand the role and importance of each category of dataset?
- - How do you understand what controls should be on each category of dataset?

• WOULD YOU KNOW WHERE TO START?
- Essential
- Critical
- Significant
- - ALL of the DATASETS are Important

• START WITH THE CONTROL EDITOR (TCE)
- Capabilities for PDPs and PEPs:
- - 1. Backup prior to any change
- - 2. Detected changes
- - 3. Documentation of change
- - 4. Notification of change via email or SMS
- - 5. BATCH changes must be supported
- - 6. Additional PASSWORD required
- - 7. ACCESS determined at the MEMBER level (Excessive access checking)
- - 8. ACCESS granted by type of request
- - 9. Additional TOKEN challenge
- Essential (9)
- Critical (6,7,8)
- Significant (3,4,5)
- ALL of the DATASETS are Important (1,2)

• Policy Enforcement Point, Decision Point, TCE
- Diagram Not Copied

• Summary: THE GOAL FOR A ZTA IS TO RESOLVE 2 WEAKNESSES
- First: Perimeter security is not enough
- Second: USERs are Overprivileged
- The Control Editor from NewEra Software provides the ability to overcome these weaknesses

The presentation ended at about 8:20 P.M.