CA IDMS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000033-DB-000084
Group -
IDMS must enforce applicable access control policies, even after a user successfully signs on to CV.
Unless the DBMS is secured properly, there are innumerable ways that a system and its data can be compromised. The IDMS SRTT is the basis for mitigating these problems.Rule High Severity -
SRG-APP-000033-DB-000084
Group -
All installation-delivered IDMS USER-level tasks must be properly secured.
User-level tasks that are not secured may allow anyone who signs on to IDMS to use them to access and manipulate various resources within the DBMS. Satisfies: SRG-APP-000033-DB-000084, SRG-APP-000...Rule Medium Severity -
SRG-APP-000033-DB-000084
Group -
SRG-APP-000080-DB-000063
Group -
IDMS must protect against the use of numbered exits that change the userid to a shared id.
Non-repudiation of actions taken is required to maintain data integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (...Rule Low Severity -
SRG-APP-000080-DB-000063
Group -
IDMS must protect against the use of web-based applications that use generic IDs.
Web-based applications that allow a generic ID can be a door into IDMS allowing unauthorized changes whose authors may not be determined.Rule Low Severity -
SRG-APP-000080-DB-000063
Group -
IDMS must protect against the use web services that do not require a sign on when actions are performed that may be audited.
IDMS web services provide a way for web-based applications to access an IDMS database. If not secured, the Web services interface could be used to reveal or change sensitive data.Rule Low Severity -
SRG-APP-000089-DB-000064
Group -
IDMS must use the ESM to generate auditable records for resources when DoD-defined auditable events occur.
Audit records provide a tool to help research events within IDMS. IDMS does not produce audit records, but when using external security, records can be produced through the ESM. IDMS relies on the...Rule High Severity -
SRG-APP-000089-DB-000064
Group -
SRG-APP-000133-DB-000200
Group -
Database objects in an IDMS environment must be secured to prevent privileged actions from being performed by unauthorized users.
If database objects like areas, schemas, and run units are not secured, they may be changed or deleted by unauthorized users.Rule Medium Severity -
SRG-APP-000133-DB-000362
Group -
The programs that can be run through a CA IDMS CV must be defined to the CV to prevent installation of unauthorized programs; must have the ability to dynamically register new programs; and must have the ability to secure tasks.
The IDMS SYSGEN must be protected against unauthorized changes. Satisfies: SRG-APP-000133-DB-000362, SRG-APP-000378-DB-000365Rule Medium Severity -
SRG-APP-000133-DB-000362
Group -
The commands that allow dynamic definitions of PROGRAM/TASK and the dynamic varying of memory must be secured.
IDMS provides commands that can change memory, the attributes of programs, or tasks and are meant for use by the appropriate administrators. These commands must be protected from use by the wrong p...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.