IBM Health Checker for z/OS for CICS security

Checking and reporting of key security configuration settings in CICS® regions identifies configuration issues, potential compliance exposures, and enables simpler auditing.

Security best practice (validated by IBM Health Checker for z/OS): In the CICS documentation, configuration best practices that are validated by IBM® Health Checker for z/OS® are highlighted in boxes, like the one that surrounds this statement.

For an overview of this capability, including information on excluding certain health checks, see Auditing CICS configuration with IBM Health Checker for z/OS.

Set up for health checks

No configuration is necessary within CICS to run the health checks.

See IBM Health Checker for z/OS User's Guide for further details on how to use and configure the IBM Health Checker for z/OS.

CICS region tagging can be used to manage the CICS health checks that are excluded from running. For example, you might have a development or sandbox region that you do not want checked to prevent false positives. You can identify such regions based on the assigned APPLID, region user name, or job name and exclude them from all CICS health checks. You might also want to exclude specific health checks from running for all regions. For more information, see Classifying CICS regions with region tagging.

To review the details of the Health Check output, use the TSO SDSF CK command. For more information, see Health Check panel (CK) in z/OS documentation.

Available CICS health checks

To review the details of the Health Check output, use the TSO SDSF CK command. For more information, see Health Check panel (CK) in z/OS documentation.