The first requirement is for a session to be established between the two systems. This does not, of course, happen on every request; a session, once established, is usually long-lived. Also, the connection request that establishes the session can, depending on the circumstances, be issued either by the remote system or by your CICS® system. However, the establishment of a session presents the first potential security exposure for your system.
Your security concern is to prevent unauthorized remote systems from being connected to your CICS system; that is, to ensure that the remote system is really the system that it claims to be. This level of security is called bind-time security (also known as systems network architecture (SNA) session security). It can be applied when a request to establish a session is received from, or sent to, a remote system.
You can specify bind-time security for LU6.2 and multiregion operation (MRO) links, but not for LU6.1 links.