iCompliant — IBM i configuration assessment platform

Assess every aspect of IBM i security, from system configuration to object authorization — as frequently as you need, with no software installed on the target system.

Total coverage

Assess all aspects of IBM i security — from system configuration to object authorization.

Run it as often as needed

Execute compliance assessments as frequently as you need, on your schedule.

Defense in depth

Implement a strategy that reduces the risk of exploitation even when a vulnerability occurs.

IBM i (formerly AS/400) systems play a critical role in their owners' business processes. Yet their security testing and monitoring usually don't reach the level we expect for Windows, Linux or Unix hosts. Silent Signal's proprietary iCompliant tool supports the secure operation and hardening of IBM i systems to minimise the attack surface. The knowledge integrated into iCompliant rests on three pillars:

  • Industry recommendations — checks ensure compliance with best practices and standards (PCI-DSS, SOX, COBIT, ISO 27002).
  • Hands-on penetration testing experience — targeted hardening against practical attacks that fall outside the usual scope of security standards.
  • The latest IBM i research at Silent Signal — integrated to deliver exclusive defensive solutions.

iCompliant applies this knowledge to examine the overall security posture of target systems and deliver comprehensive results: weaknesses to remediate and settings to improve.

How it works

Built like a framework, not a checkbox.

Modular architecture

Enable audit checks one by one per target. Build custom, system-specific checks yourself or with Silent Signal's help.

Zero dependencies

Launch checks from workstations or servers, on Linux or Windows. No additional software on the target systems.

Time well spent

Clear issue descriptions and prioritisation based on offensive experience ensure defenders solve the right problems first.

Supports the process

Flexible export formats deliver findings to existing risk-management systems; guided questionnaires capture accurate operator input.

The deliverable

See the report.

Screenshots from a real iCompliant report — executive summary, table of contents, and findings graded failed, warning and passed, each with prioritised, practical guidance.

Pricing

Transparent, published pricing.

Subscriptions cover year-long periods with all updates and new releases. Every plan includes unlimited scans and all current and future test cases released during the subscription.

Plan | Starter | Professional | Enterprise | Scan as a Service
LPAR limit | Up to 3 LPARs | Unlimited | Unlimited | N/A
Scans per year | Unlimited | Unlimited | Unlimited | 2× per year
Report format | Standard | Standard | Custom-branded | Custom-branded
Custom check development | - | - | 5 days included | -
Additional check development | €1,500 / day | €1,500 / day | €1,000 / day | €1,500 / day
Support | Email | Email + priority | Dedicated contact | Dedicated contact
Who runs the scans | You | You | You | Silent Signal (remote)
Annual price | €12,000 | €30,000 | €36,000 | €12,000

All prices exclude VAT. Annual licences are invoiced upfront. Services are based on remote execution via a network connection provided by the customer; on-site engagements are available on request and quoted separately. Multi-year discounts available on request.

From €2,000 · 1 LPAR

Pilot Assessment

See what iCompliant finds before committing to a licence. We run a focused scan of the ~20 most critical pentest-based checks — the attack paths and misconfigurations generic compliance tools don't look for — on a single LPAR, and deliver the full report. You run the scan using iCompliant; we provide setup guidance and a one-hour results review.

Buy a licence within 30 days and €1,500 is credited toward your first year.

Custom check development

Your policies, your rules

Every organisation has policies, internal requirements or configurations no off-the-shelf tool covers. iCompliant supports fully custom audit checks written for your environment — scoped jointly, then delivered as signed, versioned packages that integrate into your deployment. Priced per day; Enterprise includes 5 days. Custom days are for audit-check development; output formats, connectors and integrations are quoted separately.

Scan as a Service

We run it for you

No internal resources to run iCompliant, or just want a point-in-time assessment without an annual licence? We handle deployment, execution and report delivery — a full report for each covered system, twice a year, with nothing to install on your side. Popular ahead of audits, certifications, or M&A due diligence requiring an independent IBM i assessment.

Frequently asked

Questions customers ask us.

Is iCompliant just a compliance check tool?

While iCompliant can ensure compliance with best practices from organisations like CIS or IBM, its primary goal is practical guidance for defending against all phases of the intrusion kill chain. In its base configuration, the knowledge base incorporates hands-on experience from pentest projects and research to refine recommendations and prioritisation.

Examples

  • Some APIs are accessible to all users by design; iCompliant checks hardened access controls, since these APIs are commonly used in privilege-escalation exploits.
  • iCompliant provides information for local and remote attack-surface reduction.

Can iCompliant be used for real-time monitoring?

iCompliant is not a monitoring tool and isn't meant to provide real-time data. Some audit items check the state of large numbers of objects, which takes time, so items are grouped — quick checks run frequently, heavier audits run when load is low.

Examples

  • A scheduled task can check system values hourly, while authorities on file objects are checked monthly.
  • Selected audit items can be run on demand, e.g. after significant configuration updates.

I have Exit Programs — why would I need iCompliant?

Exit programs are important, but not silver bullets: not every interface can be protected by them, and some vulnerabilities are reachable through allowed transactions. Defense-in-depth means anticipating that some controls fail, so systems must be hardened in multiple layers.

Example

  • Vulnerabilities in third-party applications generally can't be mitigated with exit programs.

Our IBM i systems aren't exposed to the Internet — why would I need iCompliant?

Modern attacks commonly start inside the corporate perimeter, exploiting client-side vulnerabilities or abusing human trust. Given how frequently internal systems are involved in incidents, the lack of data about IBM i incidents only suggests the industry lacks the means to detect them.

Example

  • The 'Kemuri Water Company' incident showed that even low-skilled groups can and do target IBM i systems.

Does iCompliant run on IBM i?

iCompliant is meant to run on external workstations or servers and requires no extra software installed on the target IBM i systems.

Examples

  • A scheduled task on a Linux server can periodically generate reports about IBM i systems.
  • SOC analysts can run individual checks for human review from their Windows workstations.

Can I import iCompliant results into our vulnerability-management system?

Alongside standard integrations (Excel and JSON export; Jira integration), iCompliant can be extended to support arbitrary export formats and APIs.

Examples

  • Custom exporters can push results via a REST API.
  • Default JSON output can be transformed with standard tools for any JSON-compatible ingestor.

Compliance results are always too generic — how does iCompliant handle the specifics of my systems?

As a framework, iCompliant allows custom audit items and fine-tuned results to match the unique expectations and requirements of the target systems. Relevant items can be selected per security requirement.

Examples

  • Custom items can verify that critical business objects are only accessible by specific users.
  • Custom corporate password-policy enforcement can be added to regular compliance checks.

How much does customising iCompliant cost?

Customers can extend iCompliant with new audit items without limit or extra cost, by creating configuration files in an easy-to-understand, fully documented format. If building items in-house isn't an option, custom audit-item development services are available — contact us for details.

What licensing options are there?

Subscriptions cover year-long periods, during which all relevant updates and releases are delivered. Subscription licences are limited by the number of target IBM i systems. All plans include unlimited scans and cover all current and future test cases released during the subscription period. See the pricing table above.

What is the iCompliant Exclusive Vulnerability Feed (EVF)?

Silent Signal performs unique research focused on IBM i to uncover previously unknown vulnerabilities of the platform and its ISVs. The EVF provides access to this research so customers can mitigate vulnerabilities even before vendor fixes are available. It is available to select Base Subscription customers at different levels:

Level 40 — 0-day detection

  • Customers receive Audit Items so affected software is detected automatically by the framework; detection items produce mitigation guidance in the report when an unpatched vulnerability is found.

Level 50 — 0-day demonstration

  • Includes a demonstration attempt for any vulnerability in the feed, on covered systems, performed by senior experts over a remote connection during agreed time frames.

What software types are included in the EVF?

The core IBM i and popular ISV applications are included.

Example

  • If your company uses a popular Exit Point Manager, EVF Level 40 gives you information about vulnerabilities affecting it and mitigation guidance before vendor patches are available.

What's included in support?

Basic support includes communication via e-mail, 8×5 support hours (CET/CEST), and next-business-day response to the initial report. Additional support options are available on request.

What about ransomware protection/detection?

Ransomware is not an IBM i-specific problem; it primarily affects IBM i at integration points with the wider corporate infrastructure. Defending against it requires strategies across all platforms. iCompliant contributes on the IBM i side through attack-surface reduction and verification of access controls.

Get started

See iCompliant on your own system.

Request a demo, or start with a €2,000 Pilot Assessment on one LPAR.

Request an iCompliant demo