Configuring the BMS 3270 Intrusion Detection Service

Modification of protected fields might compromise the security of an application. The CICS® BMS 3270 Intrusion Detection Service allows CICS to detect whether a 3270 emulator invalidly modifies a protected field that is generated by a BMS map. This feature works together with the 3270 Intrusion Detection Service that is provided by IBM® z/OS® Communications Server. You can opt into this capability by configuring the com.ibm.cics.bms.ids feature toggle.

For instructions on how to enable a feature toggle, see Specifying feature toggles. For more information about 3270 sessions, see 3270 sessions.

Feature toggle for enabling this feature
com.ibm.cics.bms.ids={true|false}
Feature toggles for setting configuration options
com.ibm.cics.bms.ids.action={abend|ignore|log}
Specifies how CICS handles the detection of a protected field that is overwritten by a 3270 emulator. The values are as follows:
abend
CICS abends transaction ABSX.
ignore
CICS ignores the request.
log
CICS issues a DFHTF0200 message with the details of the overwrite. This is the default.

This configuration option sets the default that is passed to the URM DFHBMSX. If you need to configure BMS 3270 IDS to be specific about which applications or maps the service applies to, use the URM DFHBMSX for configuration. In general, this configuration would be necessary only if an application made unusual use of the 3270 data stream and reported false hits. The URM DFHBMSX overrides this configuration option.

com.ibm.cics.bms.ids.vtamignore={true|false}
Use this option only under the guidance of IBM service. It specifies whether CICS informs IBM z/OS Communications Server that it is taking responsibility for checking the data when it is sending 3270 data that is related to a BMS request. This option notifies IBM z/OS Communications Server Intrusion Detection Services that it can ignore the request.
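The following added example (not IBM code) audits the three toggles described above in the text of a feature toggle file. It assumes the file holds key=value lines with # comments and that values are written in lowercase; the function names and the sample input are constructed for illustration.

```python
# Assumption: toggles are key=value lines, "#" starts a comment, values are lowercase.
PREFIX = "com.ibm.cics.bms.ids"
ALLOWED = {
    PREFIX: {"true", "false"},
    PREFIX + ".action": {"abend", "ignore", "log"},
    PREFIX + ".vtamignore": {"true", "false"},
}

def parse_toggles(text):
    """Return {key: value} for BMS IDS toggles; later lines override earlier ones."""
    toggles = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == PREFIX or key.startswith(PREFIX + "."):
            toggles[key] = value
    return toggles

def audit(text):
    """Return a list of findings for the BMS 3270 IDS settings."""
    t = parse_toggles(text)
    findings = []
    for key, value in t.items():
        if key not in ALLOWED:
            findings.append(f"unknown toggle: {key}")  # likely a misspelled key
        elif value not in ALLOWED[key]:
            findings.append(f"invalid value for {key}: {value!r}")
    enabled = t.get(PREFIX) == "true"
    if not enabled:
        findings.append("BMS 3270 IDS is not enabled (opt-in toggle is not true)")
    action = t.get(PREFIX + ".action", "log")  # the page gives log as the default
    if enabled and action == "ignore":
        findings.append("action=ignore: detections are neither logged nor abended")
    if PREFIX + ".vtamignore" in t:
        findings.append("vtamignore is set explicitly; use only under IBM service guidance")
    return findings

# Constructed sample input, not taken from a real region.
SAMPLE = """\
# feature toggles (constructed sample)
com.ibm.cics.bms.ids=true
com.ibm.cics.bms.ids.action=ignore
com.ibm.cics.bms.ids.vtamignore=false
com.ibm.cics.bms.ids.acton=abend
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The audit covers only the default action set by the toggles; the URM DFHBMSX overrides that setting and has to be reviewed separately.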