Clients may wonder about security in place for CA IDMS Server. 

What security is available for CA IDMS Server? Is there a SOC1 or SOC2 report in the last 6 months Full penetration scan report Light-Weight penetration test or some other security certification?

This question applies to all sites using CA IDMS Server, in all environments. 

We do not have any security certification reports for the CA IDMS Server product. Based on our research, it appears that the SOC Type1 and Type2 reports apply primarily to Service Bureau organizations. As a Software provider, this does not really apply to us.
 
Tasks submitted through CA IDMS Server run a s external run-units (ERUs) on the mainframe. As such, the signon and all data access is processed with whatever security has been enabled on the mainframe.. That includes signon security, and system wide, task-level, or database-level security that is defined and is applicable to the Server tasks. 
 
SSL security may be specified at the data source level as well, for each data source to be accessed via the CA IDMS Server. 

For an overview of CA IDMS security, check this reference: 
https://docops.ca.com/ca-idms/19/en/administrating/administrating-security-for-idms/ca-idms-centralized-security-overview
 
Information on configuring the data source to be accessed via CA IDMS Server, including SSl specification, see this reference: 
https://docops.ca.com/ca-idms/19/en/installing/installing-idms-server/configuring-the-client-on-windows/setting-up-and-deleting-a-server