Simuna InfosecSIMUNA INFOSEC
Technical

Legacy System and Mainframe Security: Assessing Systems Too Critical to Replace

Mainframes and legacy systems process critical transactions but may lack modern security controls. Assessment approaches for irreplaceable infrastructure.

Legacy systems — mainframes running COBOL, AS/400 systems, decades-old applications — often process the most critical business transactions (banking, insurance, government) but lack modern security controls. Assessment covers: access control (RACF, ACF2, TopSecret configuration), network exposure (are mainframe services accessible from modern networks?), application security in legacy code, encryption of data at rest and in transit, audit logging adequacy, and the security of interfaces between legacy and modern systems.