Mainframe Sensitive Data - 1.0

This document provides information about the extension that provides the ability to add data sensitivity markers based on key words for objects produced by the Mainframe Analyzer . See also Data Sensitivity for more information about other technologies that support Data Sensitivity checks.

Extension ID


What’s new?

Please see Mainframe Sensitive Data - 1.0 - Release Notes for more information.


Some Mainframe objects define data and some of this data can be sensitive, for example, information such as:

  • Salary
  • Bonus
  • First Name
  • Last Name
  • Contact details
  • etc.

This extension, when installed with the Mainframe Analyzer (≥ 1.0.8), will search your Mainframe objects for specific key words (that you define) and when a key word is found, a property will be added to the object that marks it as sensitive.

Note that CAST Console ≥ 1.26 also provides the ability to check data sensitive keywords for GDPR/PCI-DSS requirements.

AIP Core compatibility

CAST AIP Core release Supported
8.3.x (tick)

Download and installation instructions

This extension will be automatically downloaded and installed when Mainframe source code is delivered for analysis.

Note that if you are using the legacy workflow without Fast Scan in CAST Console (not required when using the Fast Scan workflow where this option is automatically enabled), you must also manually enable the Data Sensitivity option as part of the source code delivery process:

Configuration instructions

Define the .datasensitive file

After having downloaded and installed the extension and before running a new analysis, you must first define the key words that will be used to identify the data which you want to flag as sensitive. To do this, you will need to create an empty text file with the extension .datasensitive. You should then fill this file with your key word definitions, using the format shown below:

  • one key word per line
  • three levels of sensitivity - these are case sensitive and must respect the format listed below otherwise they will be ignored:
keyword=Highly sensitive
keyword=Very sensitive

For example:

SALARY=Highly sensitive
BONUS=Highly Sensitive
PHONENO=Very sensitive

This extension targets data stored in the following object types:

  • Cobol File Link
  • JCL Dataset
  • IMS Segment

The Cobol File Link object contains the data definition and the JCL Dataset is the physical storage method. If a prototype link type is identified between the Cobol File Link (caller) and the JCL Dataset (callee), then both the JCL Dataset and the Cobol File Link will be flagged as “sensitive” when a keyword is located. If this link type is not found, then only the Cobol File Link will be flagged when a keyword is located.

Deliver the .datasensitive file

The .datasensitive file must be delivered with your Mainframe source code. It must be stored in a folder called Database which is located in the root folder of your delivery. If it is located anywhere else it will be ignored. For example:

What results can you expect?

When a .datasensitive file is delivered and a defined key word matches an object name, the “sensitive” flag will be added as an object property, and the sensitive data will be listed. This can be seen using CAST Imaging:

JCL Dataset

IMS Segment