Skip to content

What is Maintegrity Cyber Security Framework (CSF)?

MainTegrity CSF brings modern cybersecurity to IBM z/OS. While most mainframes still rely on outdated or disconnected tools or reactive identification and resolution processes, CSF closes the gap with real-time threat detection, instant response, and guided recovery — all in one platform.

Originally built as a next-generation integrity monitor, CSF now goes far beyond that. It stops attacks in progress, identifies what was affected, and helps teams recover with speed and precision.

CSF has been built to meet PCI DSS, NIST, DORA and other regional compliance standards, such as the Hong Kong Critical Infrastructure Bill, local (Australian Standards) such as CPS230/234 (Operational Risk and Info Security), the Security of Critical Infrastructure Act and AS IEC 62443 for protecting Operational Technology (OT) in critical infrastructure, from cyber threats and compliance requirements. It is a native z/OS solution with modern GUI, integrates seamlessly with ServiceNow, Splunk, QRadar and BMC, installs easily, has minimal system impact and works with your existing tools. Its browser-based interface makes complex tasks simple, so both experienced mainframers and newer team members can act quickly and with confidence.

CSF provides end-to-end mainframe protection with millisecond threat response, <5% false positives and includes integrated capabilities for File Integrity Monitoring (FIM+), Early Warning for 24/7 threat suspension, Data Exfiltration Detection and Recovery Assistant for surgical restoration.

Watch this short video that talks more about CSF’s features, functions and benefits, here.

Key Feature Summary:

  1. Block Ransomware Attacks
  • Detect unauthorized changes and identify exactly who did it
  • Continuously monitors for unauthorized changes to critical datasets, executables, and configurations. If ransomware or a malicious actor alters your environment, the system not only catches it in real time but pinpoints the source by analysing SMF records to show who made the change, when, and how.
  • Uses cryptographic hash keys to detect any unauthorized changes.
  • Required for PCI DSS 10.5/11.5 and NIST compliance, FIM+ eliminates 95% of false positives through intelligent whitelisting that learns authorized changes.
  • Forensic-level audit trails.
  • Integrates with SIEM platforms, provides instant alerts and enables precise identification of compromised components.
  • Foundation technology for surgical recovery and compliance reporting.
  1. Block z/OS Authorization Tampering
  • Stop privilege escalation and security bypasses
  • Catches unauthorized attempts to escalate privileges, impersonate users, or bypass security controls such as RACF/ACF2/TSS. It flags misuse of AC=1, cloned ACEEs, or suspicious changes to security settings, blocking attackers before they gain control.
  1. Identify 40+ Security Gaps
  • Live violations of z/OS security policy
  • Is the only product that identifies live violations of z/OS security policy and can halt offending tasks immediately. It can also revoke the guilty user’s authority on the spot without impacting other workload.
  • Unique “suspend and investigate” capability gives security teams time to respond without damage occurring. Reduces alert fatigue with <5% false positives through intelligent whitelisting. Provides the “gift of time” by stopping attacks before encryption or exfiltration begins.
  1. Freeze Threats <1 Second
  • Lightning-fast response that sets CSF apart.
  • Halt offending tasks and lock out compromised user IDs instantly, interrupting attacks in their tracks while support investigates. This sub-second response is what makes CSF revolutionary – minimal performance impact (~110 instructions every two seconds).

Now check out what’s new in the latest release CSF 3.2 –

  1. Data Theft Protection
    • Detect and stop data transfers to unknown IP addresses.
  2. Instant User Lockout
    • Revoke offending user IDs when compromised.
  3. Tamper Detection
    • Flag use of AMASPZAP and VTOC manipulation.
  4. Block Dangerous Commands
    • Prevent malicious operator commands before damage occurs.
  5. Monitor Reconnaissance
    • Detect suspicious user activity before an attack.
  6. Enhanced Human Interface
    • Web-based interface for quicker investigation.
  7. Network Statistics
    • Monitor abnormal usage patterns and connections.
  8. Behaviour Learning
    • Reduce false positives with intelligent monitoring.

And in detail in the fact sheet here.

Interested in finding more about how we, Vertali APAC, with our strategic partner, Maintegrity, can help secure your Mainframe operational environment from potential Bad Actors (not from Hollywood or Bollywood), Hackers and/or Cyber Criminals, then contact the Vertali APAC team for more information at –

infoANZ@vertali.com (Australia/New Zealand) or infoAPAC@vertali.com (Asia Pacific region).

Copyright © 2026 Vertali Limited. All rights reserved.

Back To Top

Based on your location, we think you may prefer the Vertali APAC site where you’ll get regional content, offerings and contacts.

Dismiss