What CICS security protects

Let us take a brief look at the assets that CICS® manages, and potential exposures. The assets are the application programs, the application data, and the application output. To prevent disclosure, destruction, or corruption of these assets, you must first safeguard the CICS system components themselves.

There are two distinct areas from which exposures to the CICS system can arise. The first of these is from sources external to CICS. You can use RACF® data set protection as the primary means of preventing unauthorized access, from either TSO users or batch jobs, to the assets CICS manages.

The other potential area of exposure arises from CICS users. CICS provides a variety of security and control mechanisms. These can limit the activities of CICS users to only those functions that any particular individual user is authorized to use:
Transaction security
Ensures that users that attempt to run a transaction are entitled to do so
Resource security
Ensures that users who use CICS resources are entitled to do so
Command security
Ensures that users who use CICS system programming commands are entitled to do so