Page tree
Skip to end of metadata
Go to start of metadata

Summary: This document provides information about the extension that provides the ability to add data sensitivity markers based on key words for objects produced by the Mainframe Analyzer (from version ≥ 1.0.8).

Extension ID


What's new?

Please see Mainframe Sensitive Data - 1.0 - Release Notes for more information.


Some Mainframe objects define data and some of this data can be sensitive, for example, information such as:

  • Salary
  • Bonus
  • First Name
  • Last Name
  • Contact details
  • etc.

This extension, when installed with the Mainframe Analyzer (≥ 1.0.8), will search your Mainframe objects for specific key words (that you define) and when a key word is found, a property will be added to the object that marks it as sensitive.

Note that AIP Console ≥ 1.26 also provides the ability to check data sensitive keywords for GDPR/PCI-DSS requirements. See Standard onboarding - add a new Version - deliver code - generate snapshot.

CAST AIP Core compatibility

This extension is compatible with:

CAST AIP Core releaseSupported

Supported DBMS servers used for CAST AIP schemas

This extension is compatible with the following DBMS servers used to host CAST AIP schemas:

CAST Storage Service/PostgreSQL(tick)


(tick)An installation of any compatible release of CAST AIP (see table above).
(tick)Mainframe Analyzer ≥ 1.0.8.

Download and installation instructions

Please see:

The latest release status of this extension can be seen when downloading it from the CAST Extend server.

Configuration instructions

Define the .datasensitive file

After having downloaded and installed the extension and before running a new analysis, you must first define the key words that will be used to identify the data which you want to flag as sensitive. To do this, you will need to create an empty text file with the extension .datasensitive. You should then fill this file with your key word definitions, using the format shown below:

  • one key word per line
  • three levels of sensitivity can be defined
keyword=Highly sensitive
keyword=Very sensitive

For example:

SALARY=Highly sensitive
BONUS=Highly Sensitive
PHONENO=Very sensitive

The three levels of sensitivity that can be defined are case sensitive and must respect the format listed above otherwise they will be ignored.

Deliver the .datasensitive file

The .datasensitive file must be delivered with your Mainframe source code. It must be stored in a folder called Database which is located in the root folder of your delivery. If it is located anywhere else it will be ignored. For example:

Click to enlarge

What results can you expect?

This extension targets data stored in the following object types

  • Cobol File Link/JCL Dataset
  • IMS Segment

When a .datasensitive file is delivered and a defined key word is located in one of these objects, the "sensitive" flag will be added as an object property, and the sensitive data will be listed. This can be seen using CAST Enlighten (for example).

The Cobol File Link object contains the data definition and the JCL Dataset is the physical storage method. If a prototype link type is identified between the Cobol File Link (caller) and the JCL Dataset (callee), then both the JCL Dataset and the Cobol File Link will be flagged as "sensitive" when a keyword is located. If this link type is not found, then only the Cobol File Link will be flagged when a keyword is located.

JCL Dataset

IMS Segment

  • No labels