What CICS security protects
CICS manages application programs, the application data, and the application output. To prevent disclosure, destruction, or corruption of these assets, you must first safeguard the CICS system components themselves.
There are two distinct areas from which exposures to the CICS system can arise. The first of these is from sources external to CICS. You can use RACF® data set protection as the primary means of preventing unauthorized access, from either TSO users or batch jobs, to the assets CICS manages.
- Transaction security
  - Ensures that users that attempt to run a transaction are entitled to do so
- Resource security
  - Ensures that users who use CICS resources are entitled to do so
- Command security
  - Ensures that users who use CICS system programming commands are entitled to do so
CICS® itself does not provide facilities to protect its own assets from external access. You must restrict access to the program libraries, to the CICS regions, and to those responsible for incorporating approved application and system changes. Similarly, the data sets and databases used by CICS and by CICS applications must be accessible only by approved batch processing and operations procedures.
CICS does not protect your system from application programs that use undocumented or unsupported interfaces to bypass CICS security. You are responsible for ensuring that such programs are not installed on your system.
CICS does not protect your application source libraries. You should ensure that procedures are established and followed that prevent the introduction of unauthorized or untested application programs into your production application base. You must also protect the integrity of your system by exercising control over libraries that are admitted to the system and changes to those libraries.
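As an added illustration (not part of the original text), the batch TSO job below shows one way the controls described above map onto RACF definitions: a data set profile for the external exposure, then one profile each for transaction, resource and command security. Every data set name, user ID, group and resource name is a placeholder, and the SIT settings and default class names listed in the comments are assumptions.

```jcl
//RACFCICS JOB (ACCT),'CICS SECURITY',CLASS=A,MSGCLASS=X
//* Added example. Data set names, user and group IDs, PAY1 and
//* PAYFILE are placeholders. Assumes SIT SEC=YES, XTRAN=YES,
//* XFCT=YES, XCMD=YES, SECPRFX=NO, the default CICS class names
//* already active, and generic data set profiles with EGN enabled.
//*
//* External exposure: close the CICS libraries to TSO users and
//* batch jobs. The region user ID reads; change control updates.
//DSNPROT  EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  ADDSD  'CICSTS.PROD.**' UACC(NONE)
  PERMIT 'CICSTS.PROD.**' ID(CICSRGN) ACCESS(READ)
  PERMIT 'CICSTS.PROD.**' ID(CHGMGMT) ACCESS(UPDATE)
/*
//* Transaction security: who is entitled to run transaction PAY1.
//TRANSEC  EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RDEFINE TCICSTRN PAY1 UACC(NONE)
  PERMIT  PAY1 CLASS(TCICSTRN) ID(PAYGRP) ACCESS(READ)
/*
//* Resource security: who may use file PAYFILE. Checked only for
//* transactions defined with RESSEC(YES).
//RESSEC   EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RDEFINE FCICSFCT PAYFILE UACC(NONE)
  PERMIT  PAYFILE CLASS(FCICSFCT) ID(PAYGRP) ACCESS(UPDATE)
/*
//* Command security: who may issue PERFORM SHUTDOWN. Checked only
//* for transactions defined with CMDSEC(YES).
//CMDSEC   EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RDEFINE CCICSCMD SHUTDOWN UACC(NONE)
  PERMIT  SHUTDOWN CLASS(CCICSCMD) ID(CICSOPS) ACCESS(UPDATE)
/*
//* Make the new general resource profiles effective.
//REFRESH  EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  SETROPTS RACLIST(TCICSTRN FCICSFCT CCICSCMD) REFRESH
/*
```

Defining every profile with UACC(NONE) makes access opt-in, so a user or job that was never explicitly permitted is denied by default.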