Data in memory

In a security context, data in memory refers to data in the CICS® address space memory, such as CICS control blocks and application storage. You must consider how to protect the integrity and confidentiality of this data.

Sensitive data written to the internal CICS trace table can be redacted to prevent the confidential data from appearing in external and internal trace records in a transaction or system dump. For more information, see Removing sensitive data from CICS trace using CONFDATA.

For information about other situations in which data must be protected, see How it works: Confidentiality and integrity in CICS.

Integrity of data in memory is implemented by ensuring that unauthorized users or programs cannot accidentally or maliciously change data. z/OS® contains many features to protect programs; see z/OS and system integrity for an overview of these functions.

CICS provides storage protection and transaction isolation to prevent accidental or malicious overwrites of data between programs. For information, see Storage protection and Transaction isolation.

Assembly language programs can use non-authorized instructions to switch between CICS-key and user-key storage. To maintain integrity, review all assembly language programs before you install them in a CICS region.