CICS_CEDA_ACCESS
CICS_CEDA_ACCESS checks whether the CICS® default user has access to the CEDA transaction, or whether CICS security is turned off by the SIT parameter SEC=NO. If either is detected, it means that anyone using a 3270 device or terminal emulator can use the CEDA transaction to change the configuration of CICS, thus compromising the security of this CICS region and other regions if the CSD is shared.
- Description
- Define regions with SEC=YES and secure the CEDA transaction so that only authorized, signed-on users can make changes to system configuration.
- Reason for check:
- Avoid compromising the security of CICS where any user
accessing the system using a 3270 device or terminal emulator can use the CEDA transaction to change
the configuration of CICS.
In general, regions should be defined with SEC=YES and CEDA should be secured so that only authorized, signed-on users can make changes to system configuration.
If you do need to run CICS with SEC=NO, disable CEDA access for this region, or configure the region to run in an isolated LPAR.
- z/OS releases the check applies to:
- Any z/OS release that supports CICS TS 5.4.
- Minimum CICS TS release required:
- All supported CICS releases.
- Type of check (local, remote, or Rexx):
- Local.
- User override of IBM values:
- No.
- Debug support:
- No.
- Verbose support:
- No.
- Parameters accepted:
- None.
- Reference:
- For more information: CEDA - resource definition online
- Messages:
- This check issues the following messages:
- DFHH0001E - The CEDA transaction is accessible to unauthenticated users.
- DFHH0301I - All CEDA transactions are protected from unauthenticated users.