CONDUIT TICKET REPORT

Finding Summary

Short description

[TITAN] High — legacy_eol on as400-claims-v7r2

Severity

High

Priority

2 - High

Resource

as400-claims-v7r2

Resource type

IBM::IBMi::LPAR

Cloud

Multi

Subscription / Account

Resource group: dc-prod-east

Resource group / Project

dc-prod-east

The Security Finding

IBM i (AS/400) V7R2M0 detected — past end-of-life 2021-04-30 (1097 days). Runs claims-adjudication workload with PHI. No IBM i ESU equivalent. Fails HIPAA 164.308(a)(1), PCI DSS 6.2, NIST 800-53 SI-2, HITRUST 10.g.

ITIL Change Management Fields

Justification

High: IBM i (AS/400) V7R2M0 detected — past end-of-life 2021-04-30 (1097 days). Runs claims-adjudication workload with PHI. No IBM i ESU equivalent. Fails HIPAA 164.308(a)(1), PCI DSS 6.2, NIST 800-53 SI-2, HITRUST 10.g.

Implementation Plan

1. Pre-change snapshot captured by TITAN (auto-rollback available).
2. Execute fix command:
   Upgrade to IBM i 7.5 (extended support through 2031). Compensating: Precisely Assure security monitoring, network segregation to PACS/EHR only, session audit to SIEM.
3. TITAN FORGE verifies the fix was applied.
4. Post-change rescan by TITAN SCOUT — finding must no longer appear.
5. Close ticket with Successful close_code.

Risk & Impact Analysis

Risk level: MEDIUM-HIGH risk — misconfiguration with realistic exploit path.
Business impact if unremediated: Increases attack surface; auditor finding likely.
Scope: single resource (as400-claims-v7r2).
Blast radius: change is idempotent; pre-change snapshot captured by TITAN; auto-rollback available if rescan fails.
Finding detail: IBM i (AS/400) V7R2M0 detected — past end-of-life 2021-04-30 (1097 days). Runs claims-adjudication workload with PHI. No IBM i ESU equivalent. Fails HIPAA 164.308(a)(1), PCI DSS 6.2, NIST 800-53 SI-2,

Backout / Rollback Plan

1. TITAN auto-captured snapshot of as400-claims-v7r2 before change (baseline: titan-legacy-demo-20260422T201927Z).
2. If post-change rescan still shows the finding OR a new issue appears within 15 min:
   a. TITAN FORGE fires rollback automatically using stored snapshot.
   b. Incident reopens and escalates to on-call.
3. Manual rollback command path (human override) is documented in close notes.

Test Plan

1. TITAN SCOUT rescans as400-claims-v7r2 immediately after FORGE applies the change.
2. PASS criteria: the specific finding no longer appears in SCOUT results.
3. PASS criteria: no new CRITICAL or HIGH findings introduced by the change.
4. Automated compliance check: HIPAA/PCI/SOC2 controls re-evaluated.
5. If any check fails, backout plan fires automatically.

Recommended Fix

Upgrade to IBM i 7.5 (extended support through 2031). Compensating: Precisely Assure security monitoring, network segregation to PACS/EHR only, session audit to SIEM.

Compliance Mapping

Routing Metadata

Assignment group

security_engineering

Change type

Normal

Approval required

Yes

Planned start

2026-04-22 20:03:27

Planned end

2026-04-22 22:03:27

Scan ID

titan-legacy-demo-20260422T201927Z

Generated at

2026-04-22T19:49:27+00:00

Opened

2026-04-22 19:49:27

Closed

2026-04-22 19:49:27

Close code

—

Attached Security Ticket

IBM i (AS/400) V7R2M0 detected — past end-of-life 2021-04-30 (1097 days). Runs claims-adjudication workload with PHI. No IBM i ESU equivalent. Fails HIPAA 164.308(a)(1), PCI DSS 6.2, NIST 800-53 SI-2, HITRUST 10.g.

Recommended Fix: Upgrade to IBM i 7.5 (extended support through 2031). Compensating: Precisely Assure security monitoring, network segregation to PACS/EHR only, session audit to SIEM.

AI Close Notes

TITAN CONDUIT opened this high legacy_eol ticket and assigned it to the security_engineering group for review. STATE: ASSIGNED — awaiting human action. Per TITAN AI policy, configuration changes are NEVER auto-applied and tickets are NEVER auto-closed by TITAN. The assigned group reviews the recommended fix, schedules an approved maintenance window, applies the fix manually, validates via SCOUT rescan, and closes this ticket themselves. TITAN documents and routes — the human owns the change from here.