SPARTA News
March 2023
SPARTA President’s Corner
contributed by Randy Springs
This month, we will again be holding our SPARTA meetings via Zoom format. With the removal of mask mandates in NC, we can consider going back to our in-person meetings if we can find an appropriate venue. Let us know if you have any suggestions for a meeting location.
For our March meeting, join us for a presentation from an exciting speaker, who will discuss issues about your mainframe environment. Invite your fellow systems programmers to join us for networking and information.
Please join your colleagues online at 7 p.m. on Tuesday, March 7, on Zoom. Watch for speaker details and meeting connection information coming your way soon.
Randy Springs
Retired (Truist)
Future Speakers (subject to change)
March 7, 2023 - TBA
April 4, 2023 - SHARE 2023 Atlanta by Ed Webb
We need ideas and volunteers for future speakers. Presentations don’t have to be fancy, just informative and interesting. Even a 5 or 10 minute talk can start an interesting interaction. Contact Ron Pimblett by phone as noted below.
2022-2023 SPARTA
Board of Directors
Randy Springs - President
Retired (Truist) (919) nnn-nnnn
street
Raleigh, NC 27604
Ron Pimblett - Vice President
MDI Data Systems
Land line 613 599 6970
Mobile 613 981 6919
190 Guelph Private
Kanata, ON K2T 0J7
Chris Blackshire - Secretary
Retired (Dell, Perot Systems, Nortel) (919) nnn-nnnn
street
Durham, NC 27713
Randy Springs - (Acting) Treasurer
Retired (Truist) (919) nnn-nnnn
see Randy Springs earlier
Ed Webb - Communications Director
Retired (SAS Institute Inc.) (919) nnn-nnnn
street
Apex, NC 27523
Mike Lockey - Web Master
Guilford Co. Information Services 336-641-6235
201 N. Eugene St.
Greensboro, NC 27401
Meetings
Coronavirus Change: All meetings for the foreseeable future will be held online at 7 p.m. via the Zoom App. For security reasons, the link to the meeting is sent to the SPARTA mailing list within 24 hours of the meeting time. Stay safe.
Meetings are scheduled for the first Tuesday evening of each month (except no meeting in January), with optional dinner at 6:15 p.m. and the meeting beginning at 7:00 p.m.
These monthly meetings usually are held at LabCorp’s Center for Molecular Biology and Pathology (CMBP) near the Research Triangle Park (see last page). Take I-40 to Miami Boulevard and go north. Turn right onto T.W. Alexander Drive. Go about a mile or so. Then turn right into the LabCorp complex and turn left to the CMBP Building (1912 T.W. Alexander Drive). In the lobby, sign in as a visitor to see Bill Johnson. Bill will escort you to the conference room.
Call for Articles
If you have any ideas for speakers,
presentations, newsletter articles, or are interested in taking
part in a presentation, PLEASE contact one of the Board of
Directors with your suggestions.
Newsletter e-Mailings
The SPARTA policy is to e-mail a monthly notice to our SPARTA-RTP Group. The newsletter is posted to the website about five (5) days before each meeting so you can prepare. The SPARTA distribution List is maintained by Chris Blackshire; if you have corrections or problems receiving your meeting notice, contact Chris at chrisbl@nc.rr.com.
August 2022 “CBT Tape” Shareware Online
The directory and files from the latest CBT tape V504 (dated August 16, 2022) are available from www.cbttape.org.
If you need help obtaining one or more files, contact Ed Webb (see the Board of Directors list for contact info).
Minutes of the February 7, 2023 Meeting
• The meeting was called to order at 7:05 PM by Randy Springs, the SPARTA President.
• This Thirty-first (April 2020 to February 2023) virtual SPARTA meeting was held via the Zoom Software.
• Thirteen (13) people were present at the virtual meeting.
• The business portion of the meeting followed the presentation.
• For the Roundtable, everyone introduced themselves, told where they worked, talked about working from home, and briefly described their job functions and what they've been doing at work and home.
OLD BUSINESS
• The minutes of the December 5, 2022 meeting as published in the February 2023 Newsletter were approved.
• The January 31, 2023 Treasurer's report (there was No Activity in December) as published in the February 2023 Newsletter was approved. As of January 31, 2023, the current balance was $994.51.
• Call For Articles: Articles are needed for this newsletter. If you would like to write an article for this newsletter, please contact Ed Webb. Keep in mind that you don't really need to write the article, it can be an article that you read that you would like to share with the membership.
• The SPARTA Web page is available at this site: http://www.spartanc.org. Please send any comments or suggestions about the Web page to Mike Lockey. Be sure to check the Web page every once in a while to see any new or changed information.
• 2023 meeting dates, Future Speakers and Topics (subject to change based on internal politics, budget, the weather):
Date | Company | Speaker | Topic
March 7, 2023 | TBD | TBD | TBD
April 4, 2023 | Retired (SAS) | Ed Webb | SHARE Update Atlanta, GA
May 2, 2023 | TBD | TBD | TBD
June 6, 2023 | TBD | TBD | TBD
July 11, 2023 | TBD | TBD | TBD
August 1, 2023 | TBD | TBD | TBD
September 12, 2023 | Retired (SAS) | Ed Webb | SHARE Update New Orleans, LA
October 3, 2023 | TBD | TBD | TBD
November 7, 2023 | TBD | TBD | TBD
December 5, 2023 | TBD | TBD | TBD
If you have suggestions about speakers and topics, contact Ron Pimblett.
• The next SPARTA monthly meeting will be held virtually on Tuesday, March 7, 2023.
• The annual dues have been suspended (motion passed in the March 2021 monthly meeting).
• Thanks to Randy Springs for hosting the February 7 meeting online via Zoom.
• There are currently 100 people on the SPARTA e-mail distribution list.
• Send any e-mail address changes to Chris Blackshire so he can update the SPARTA distribution list. The SPARTA meeting notices are being sent via a simple distribution list maintained by Chris.
• Randy Springs is looking for a new Treasurer volunteer. He projects about 2 hours per month is needed.
- Contact Randy Springs if you are interested.
• Randy Springs has set up a SPARTA group on LinkedIn. Please join.
• There was discussion about a possible 2023 in person meeting, depending on vaccinations and room availability. Stay tuned.
- LabCorp Future Meeting Place: No update from Bill Johnson.
NEW BUSINESS
• We will continue meeting virtually for now with a future in-person meeting date TBD. Stay tuned.
• Randy will contact Bill Johnson to determine the LabCorp meeting place status.
• The Business portion of the meeting and the meeting itself ended about 8:30 P.M.
• The Presentation started at 7:25 PM.
• Presentation Topic: A Practical Approach to Zero Trust Architecture [ZTA]
By Glennon Bagsby of NewEra Software
Assisted by Jerry Seefeldt of NewEra Software
Answering the requirements of NIST SP 800-207, the EU Commission's statement of 22 March 2022, and the UK’s NCSC 21 July 2021
ABSTRACT: Forrester Research has said “Zero Trust is becoming the security model of choice for enterprises and governments alike.” If your CIO or CISO asked you to develop a ZTA plan for your mainframe, would you know where to start?
• Agenda
• Why is ZTA Important? What is ZTA?
• Zero Trust Architecture [ZTA]
• How to get started establishing a ZTA for IBM z/OS Systems
• An example of an actual exercise to create a ZTA for z/OS critical datasets
• A demonstration of The Control Editor (TCE)
The online presentation ended at about 8:20 PM.
• Presentation Access - See Below for a full outline of the presentation.
See the SPARTA webpage for all recent presentations including this one.
• Contact Info:
Speaker: Glennon Bagsby
NewEra Software, Inc.
8070 Santa Teresa Boulevard, Suite 240
Gilroy, CA 95020, USA
Email: ghb@newera.com
Toll free: (800) 421-5035 or 1-408-520-7100
Support: support@newera.com
Assist: Jerry Seefeldt
Director of Strategic Partnerships
NewEra Software, Inc.
IBM Poughkeepsie, New York USA
Email: jms@newera.com
Phone: 1-408-520-7100 x740
• The February 7, 2023 monthly meeting ended about 8:30 P.M.
Treasurer’s Report for February 2023
contributed by Randy Springs
The balance in the account is $994.51 as of February 28, 2023.
SPARTA Financial Report
02/01/2023 through 02/28/2023
INCOME |
Opening Balance 02/1/2023 | $994.51
Total Deposits |
Food money donated | 0.00
Dues | 0.00
Sponsorships | 0.00
TOTAL INCOME | $0.00

EXPENSES |
Food | 0.00
Web Site | 0.00
Petty Cash | 0.00
Bank Service Charges | 0.00
TOTAL EXPENSE | $0.00

BANK BALANCE | 626.80
PETTY CASH on hand | 367.71
TOTAL CASH | $994.51
Items of Interest
SPARTA Schedule and Menu for 2023
contributed by Chris Blackshire
Mar 7, 2023 - Subs
Apr 4, 2023 - BarBQ
May 2, 2023 - Pizza
June 6, 2023 - Chicken
July 11, 2023 - Subs (July 4 holiday falls on the first Tuesday meeting date)
Aug 1, 2023 - BarBQ
Sept 12, 2023 - Pizza (Labor Day holiday is Monday Sept 4)
Oct 3, 2023 - Chicken
Nov 7, 2023 - Subs
Dec 5, 2023 - BarBQ
Access SHARE Atlanta Wherever You Are With the Virtual Access Pass!
contributed By Ed Webb
"Nothing beats the experience of attending SHARE events in person, but if you're unable to make the trip, you can still join us virtually with the SHARE Atlanta Virtual Access Pass for just $599. No matter where you are, you and your team can access the latest education on new technology trends and capabilities.
The Virtual Access Pass allows you to live-stream select technical sessions and have access to the accompanying recordings until June 1, 2023 for on-demand viewing.
To see the sessions included in the Virtual Access Pass, visit the Technical Agenda and use the filter option in the corner and select "live-stream." "
IBM z/OS Version 3.1 and IBM zSecure Suite Announced
contributed By Ed Webb
On Tuesday February 28, 2023, IBM announced the next release of z/OS to be called V3.1 and a companion product, IBM zSecure Suite for zNext. z/OS 3.1 is available in late September 2023. zSecure is more of a Statement of Direction.
My quick review did not reveal any major new offerings; much of the announcement seemed to be updates that are available for z/OS 2.5 via SPE PTFs. I'll let you know more after SHARE this week.
"IBM® z/OS® 3.1 marks a new era in operating system intelligence. The new version of z/OS is planned to provide a framework for infusing AI throughout the system, enabling intelligent systems administration guidance and automation that learns and improves. With z/OS 3.1 as the foundation of a hybrid cloud strategy, enterprises can deploy and co-locate Linux®-based applications together with core business workloads and enjoy the unique value propositions of both environments. Built on over 50 years of continuous innovation, research, and development, z/OS is the core computing platform for the world's top financial institutions, insurers, retailers, utilities, governments and more. Designed for high availability with quantum-safe technologies, the new z/OS 3.1 will be a resilient platform for the future of industry's most critical workloads."
Read this complete announcement of z/OS 3.1.
Read the zSecure announcement here.
Your Most Important Asset in Support of Platform Portability
Contributed by Ed Webb
"We'll cut to the chase for those of you that would just prefer to skip to the conclusion. If your organization already uses Db2 for z/OS with Parallel Sysplex and Data Sharing, consider using it as a central resilient, available, and secure data service for your cloud-based applications. Db2 along with Data Sharing will support your cloud application's data service needs without all the application complexity and data-consistency uncertainty associated with cloud data services. Keep the mainframe as an integral part of your application infrastructure to ensure data consistency across cloud infrastructure. Now that you read the conclusion, read on to find out why this can be so critical to your business.
An often-overlooked potential use of the mainframe as a centralized data server is its ability to support application platform portability. ...."
Read this article from Enterprise Executive: 2023 Issue 1 for a detailed description of the role of the mainframe in your cloud applications, now and in the future.
Humor
Wit and Wisdom continued
contributed by Ed Webb
The worst part of having success is trying to find someone who is happy for you.
To err is human—to refrain from laughing is humane.
The difference between reality and fiction is that fiction has to make sense.
Don’t Forget the Next SPARTA Meeting
Tuesday, March 7, 2023
7 p.m.
Location: Online
Information about access to our online meeting will be sent to our e-mail list by Tuesday, March 7.
Free Food before meeting: Your Food at Your Home
Program:
To Be Announced
Speaker:
xxxx of yyyyy company
SPARTA Corporate Sponsors:
February 2023 Presentation outline
• Presentation Topic: A Practical Approach to Zero Trust Architecture [ZTA]
By Glennon Bagsby of NewEra Software
Assisted by Jerry Seefeldt of NewEra Software
Answering the requirements of NIST SP 800-207, the EU Commission's statement of 22 March 2022, and the UK’s NCSC 21 July 2021
ABSTRACT: Forrester Research has said “Zero Trust is becoming the security model of choice for enterprises and governments alike.” If your CIO or CISO asked you to develop a ZTA plan for your mainframe, would you know where to start?
• Agenda
• Why is ZTA Important? What is ZTA?
• Zero Trust Architecture [ZTA]
• How to get started establishing a ZTA for IBM z/OS Systems
• An example of an actual exercise to create a ZTA for z/OS critical datasets
• A demonstration of The Control Editor (TCE)
• NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
- “Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.
- A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows.
- Zero trust “assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned).”
- - NIST SP 800-207
- - “Zero Trust Architecture”
- - August, 2020
• FORRESTER RESEARCH
- “Zero Trust is becoming the security model of choice for enterprises and governments alike. However, security leaders often don't know where to begin to implement it, or they feel daunted by the fundamental shifts in strategy and architecture Zero Trust demands.
- However, Zero Trust does not require that you rip out all your current security controls to start fresh, and with the right approach you can realize benefits right away.”
- - Forrester Research, Inc., report RES157736
• WHAT ARE ZERO TRUST AND A ZTA?
- Formal Definitions (from NIST SP 800-207)
- Zero trust (ZT) provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate,
least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.
- Zero trust architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses
component relationships, workflow planning, and access policies.
• MY DEFINITION
- A major de-emphasis on perimeter security.
- A terminal or a user is not trusted simply because he or she is inside the firewall or similar.
- - This is sometimes called “an assumed breach.”
- Protections of internal access just like external protections.
- A de-emphasis on trusted devices and trusted people.
- All security is transaction by transaction, or at least in some small window in time.
- Security is granular, it is not all or nothing.
- It is not that Bob is “trusted” – it is that he is authorized (or not) to do some particular transaction.
- This is sometimes called “least privilege.”
As you can see, a whole lot less trust ...
• WHO WANTS TO TELL THEM WE DON’T TRUST THEM ANYMORE?
• THE GOAL FOR A ZTA IS TO RESOLVE 2 WEAKNESSES
- First: Perimeter security is not enough
- - A ZTA should be designed to protect the important resources INSIDE the perimeter.
- - An Extra form of protection is needed once a user has gained access by ANY means.
- - Think of how you protect items in your life and home.
- Second: USERs are Overprivileged
- - Example:
- - - John is new to the System Support Group. His responsibility is to review and update the message suppression configuration. He will need access to the AO product and to the MPFLST00 member in PARMLIB. Since that member is in the PARMLIB dataset, he needs RACF-granted access to the dataset. This would include ALL the members.
- - John is Overprivileged.
- - - A ZTA must provide a method for John to do his job, and also protect access to the other members by John.
• LOGICAL COMPONENTS OF ZTA
- Policy Decision Point (PDP)
- - An organizational entity that orders the implementation, continuous review and the auditing of system controls.
- Policy Enforcement Point (PEP)
- - System entities that make ZTA authorization decisions for themselves or other system entities that request such services.
- Extending the controls of: RACF, ACF2 and Top Secret-SAF
- Diagram not copied
• WOULD YOU KNOW WHERE TO START?
- Pick a Target Step 1
- - APFLIST
- - LINKLIST
- - LPALIST
- - TCP/IP configuration files
- - PARMLIB
- - PROCLIB
- Pick a Target Step 2
- - Take Inventory
- - - Evaluate the Importance of the Resources
- Pick a Target Step 3
- - The APF LIST example has a variety of DATASETS:
- - - 20 different HLQs, almost 200 datasets
- - - - 13 start with SYS1
- - - - 5 start with TCPIP
- - How do you understand the role and importance of each category of dataset?
- - How do you understand what controls should be on each category of dataset?
• WOULD YOU KNOW WHERE TO START?
- Essential
- Critical
- Significant
- - ALL of the DATASETS are Important
• START WITH THE CONTROL EDITOR (TCE)
- Capabilities for PDPs and PEPs:
- - 1. Backup prior to any change
- - 2. Detected changes
- - 3. Documentation of change
- - 4. Notification of change via email or SMS
- - 5. BATCH changes must be supported
- - 6. Additional PASSWORD required
- - 7. ACCESS determined at the MEMBER level (Excessive access checking)
- - 8. ACCESS granted by type of request
- - 9. Additional TOKEN challenge
- Essential (9)
- Critical (6,7,8)
- Significant (3,4,5)
- ALL of the DATASETS are Important (1,2)
• Policy Enforcement Point, Decision Point, TCE
- Diagram Not Copied
• Summary: THE GOAL FOR A ZTA IS TO RESOLVE 2 WEAKNESSES
- First: Perimeter security is not enough
- Second: USERs are Overprivileged
- The Control Editor from NewEra Software provides the ability to overcome these weaknesses
The presentation ended at about 8:20 P.M.
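
The John/MPFLST00 case from the outline, worked through as an added Python model (not code from the presentation, and not how RACF or The Control Editor is implemented). It compares what a dataset-level grant reaches with what a member-level, per-request-type policy reaches (capabilities 7 and 8 in the list above). The dataset name SYS1.PARMLIB, the user ID JOHN, the member names other than MPFLST00 and the request types are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample data: only MPFLST00 and PARMLIB come from the outline;
# the dataset name, user ID, other members and request types are assumptions.
PARMLIB = "SYS1.PARMLIB"
MEMBERS = {"MPFLST00", "IEASYS00", "PROG00", "IKJTSO00", "COMMND00"}

@dataclass(frozen=True)
class Rule:
    user: str
    dataset: str
    member: str            # exact member name, no wildcards in this model
    requests: frozenset    # request types this user may make on the member

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str            # kept so every decision can be logged and audited

def dataset_level_reach(granted_dataset, dataset, members):
    """Dataset-level grant: access to the dataset reaches every member in it."""
    return set(members) if granted_dataset == dataset else set()

def excess_privilege(reach, needed):
    """Members the user can touch but has no job-related need for."""
    return sorted(set(reach) - set(needed))

def decide(rules, user, dataset, member, request):
    """Member-level, per-request decision. Anything not granted is denied."""
    for rule in rules:
        if (rule.user, rule.dataset, rule.member) == (user, dataset, member):
            if request in rule.requests:
                return Decision(True, f"{user} may {request} {dataset}({member})")
            return Decision(False, f"{request} not granted on {dataset}({member})")
    return Decision(False, f"no rule for {user} on {dataset}({member})")

def member_level_reach(rules, user, dataset, members, request):
    """Members the user can reach for one request type under the rules."""
    return sorted(m for m in members
                  if decide(rules, user, dataset, m, request).allowed)

JOHN_NEEDS = {"MPFLST00"}
JOHN_RULES = [Rule("JOHN", PARMLIB, "MPFLST00", frozenset({"READ", "UPDATE"}))]

if __name__ == "__main__":
    broad = dataset_level_reach(PARMLIB, PARMLIB, MEMBERS)
    print("dataset-level excess:", excess_privilege(broad, JOHN_NEEDS))
    narrow = member_level_reach(JOHN_RULES, "JOHN", PARMLIB, MEMBERS, "UPDATE")
    print("member-level excess: ", excess_privilege(narrow, JOHN_NEEDS))
    for member, request in [("MPFLST00", "UPDATE"), ("IEASYS00", "UPDATE"),
                            ("MPFLST00", "DELETE")]:
        print(decide(JOHN_RULES, "JOHN", PARMLIB, member, request))
```

The excess list is the review item for an access audit: every name in it is a member the user can change without a job-related need.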