Securing IMS

CA Top Secret provides security protection for IMS transactions, applications, resources, and regions in the IMS/DC environments:

Message Processing Regions (MPP)
Batch Message Regions (BMP)
Fast Path Regions (FP)
Multiple Systems Coupling (MSC)

IMS uses the z/OS Standard Security Interface to drive CA Top Secret. No modifications to IMS or IMS installation exits are required. Some parameter changes to the basic IMS security macro are required to establish what is protected by CA Top Secret and what is to be protected by IMS default security (SMU).

Signon Security and Authorization Restrictions

To sign on to IMS, a user’s ACID must be authorized to access the IMS facility.

To grant access authorization you can:

Add the facility to the ALL Record
Add the FACILITY parameter to the ACID

Most users have to explicitly sign on to IMS using the IMS SIGN command. CA Top Secret then checks that the user is authorized to access IMS.

Users can be restricted from signing on to more than one terminal at a time.

To secure IMS, enter the command:

TSS ADDTO(USER) FACILITY(IMSTEST)

Terminal Security

CA Top Secret can:

Restrict terminal use to only authorized users
Restrict users to sign on only from specific terminal/readers
Restrict users to accessing only particular regions from certain terminals
Prevent a user from signing on to the same region from multiple terminals
Protect unattended terminals against unauthorized access with automatic terminal locking
Establish cumulative security violation thresholds

Job Submission Validation

Online jobs submitted under IMS are treated the same as for any other online facility.

Security Administration

Security administrators can use the TSS command under IMS to perform all security administration.

Changes to the security database made through a TSS command are immediately recognized by all facilities. CA Roscoe IE can be administered through an IMS session.

Multiple Sign ons

Multiple concurrent sign ons is a site‑selectable option.