Data Security Software

Home Solutions Security for IBM z (Mainframe)

Mainframe Security - Enforcive

Mainframe Security for CICS is first and foremost about identifying system users and controlling their access to system resources. Alongside these measures of authentication and authorization is the process of auditing activity which has taken place on the computer, through the collection and logging of events and their subsequent review. Below is an overview of the main functionality provided in the CICS security product range, including VSE (CICS 2.3 and CICS/TS) and MVS environments. For full product information, see Enforcive mainframe security software.
Mainframe Security – File Authorization

Field-Level Protection

Enforcive's mainframe security products control user access to files, records and fields. They cover: DB2 tables, VSAM files and IMS records (see IMS Security). User-defined rules determine user access to records and fields. VSAM or IMS fields or DB2 columns can be masked from view from unauthorized users or made viewable while preventing their update. Authorization can be applied to complete DB2 tables, independent of application or PLAN, and is valid for all current and future applications.

User-Oriented Approach

Permissions are defined in a user-centric manner, where each user or profile is given access only to the resources they require - files, programs, transactions, terminals, records and fields. Enforcive's products integrate fully with IBM's RACF and CA's Top Secret and the users defined in them.

User Menus to Enhance Mainframe Security

A menu generator is built into the product to simplify the process of running transactions while at the same time contributing to mainframe security. Users have the convenience of clearly-named tasks rather than having to remember transactions and parameters, while preventing the user from freely entering transaction code .
Mainframe Security – User Menus

Mainframe Security Audit

Auditing of administrator and user activity is an item of importance in regulations dictating information security and mainframe audit activity. The auditing capabilities of Enforcive's mainframe security products for MVS and VSE give you real-time monitoring and viewing of events, sorting, filtering and reports. A real-time intrusion detection mechanism delivers alerts following the occurrence of selected events you have defined. See mainframe security audit.

Special Features for VSE CICS

VSE CICS has notably fewer mainframe security features than those found in MVS. For example, passwords are not encrypted and can be viewed by anyone who knows where to find them. They can be viewed and changed by others and there is no password security policy such as forced changes of password or automatic locking out of users who make repeated errors in logging in.
Many VSE machines are in operation today running vital tasks. Password encryption and resource protection against unauthorized view or change are built into Enforcive's mainframe security product for VSE CICS, along with a host of other features to improve mainframe security. Users can be forced to change their password at set intervals and can be locked out of the system until re-enabled by the security officer. Once users are defined and authenticated, their access to resources can be controlled.
Want to learn more?