Notifications
Clear all
Topic starter
25/06/2026 10:24 pm
TL;DR: CICS access management and related identity operations are the focus of a July 14 HelpKey webinar, giving practitioners a time-bound briefing on access control, configuration, and operational support in mainframe environments, according to ASPG. The event matters because legacy platforms still depend on identity decisions that must remain governable, auditable, and resilient across human and non-human access paths.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should teams govern CICS access in a legacy mainframe environment?
A: Treat CICS access as part of enterprise identity governance, not a separate admin task.
Q: Why do legacy platforms create more access governance risk?
A: Legacy platforms often preserve long-lived permissions, shared accounts, and undocumented exceptions because stability was valued over lifecycle discipline.
Practitioner guidance
- Inventory all CICS administrative and operational identities Build a complete list of human and non-human identities that can reach CICS transaction paths, privileged commands, and support functions.
- Tie each entitlement to an accountable owner Require a current business or operational owner for every CICS access grant, including the reason it exists and the conditions under which it should be removed.
- Separate day-to-day access from privileged recovery access Keep routine operator permissions distinct from break-glass or emergency access, and make sure elevated permissions are reviewed on a different cadence.
What to expect at the briefing
ASPG's full event listing covers the live briefing details this post intentionally leaves to the source:
- The exact webinar schedule and registration context for the HelpKey session.
- The event entry point for practitioners who want ASPG's own framing of CICS access management.
- The practical way to connect the session to ASPG's broader product and support ecosystem.
- The source page that confirms the live event listing and logistics.
👉 Register for ASPG's HelpKey webinar on CICS access management →
HelpKey webinar on CICS access operations - July 14?
Explore further
25/06/2026 10:55 pm
CICS access management is still identity governance, not just platform administration. Legacy transaction systems do not sit outside IAM because they are old. They still expose the same governance questions about who can act, under what authority, and with what evidence. The field should treat mainframe access as part of the same control plane that governs privileged human access and non-human operational identities.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
Q: Who should be accountable for privileged access on CICS systems?
A: Accountability should sit with the business or operational owner who can justify the access, not only with infrastructure teams that administer it. For privileged functions, PAM or equivalent oversight should define approval, monitoring, and removal conditions so emergency access does not become permanent.
👉 Read our full editorial: ASPG HelpKey webinar signals identity and access operations for CICS
