CA IDMS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Database objects in an IDMS environment must be secured to prevent privileged actions from being performed by unauthorized users.
<VulnDiscussion>If database objects like areas, schemas, and run units are not secured, they may be changed or deleted by unauthorized users....Rule Medium Severity -
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
The programs that can be run through a CA IDMS CV must be defined to the CV to prevent installation of unauthorized programs; must have the ability to dynamically register new programs; and must have the ability to secure tasks.
<VulnDiscussion>The IDMS SYSGEN must be protected against unauthorized changes. Satisfies: SRG-APP-000133-DB-000362, SRG-APP-000378-DB-00036...Rule Medium Severity -
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
The commands that allow dynamic definitions of PROGRAM/TASK and the dynamic varying of memory must be secured.
<VulnDiscussion>IDMS provides commands that can change memory, the attributes of programs, or tasks and are meant for use by the appropriate ...Rule Medium Severity -
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
Databases must be secured to protect from structural changes.
<VulnDiscussion>Database objects, like areas and run units, can be changed or deleted if not protected. Steps must be taken to secure these o...Rule Medium Severity -
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
Database utilities must be secured in CA IDMS and permissions given to appropriate role(s)/groups(s) in the external security manager (ESM).
<VulnDiscussion>IDMS has tasks that are used to perform necessary maintenance, but in the wrong hands could damage the integrity of the DBMS....Rule Medium Severity -
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
The online debugger which can change programs and storage in the CA IDMS address space must be secured.
<VulnDiscussion>If the DBMS were to allow any user to make changes to database structure or logic, then those changes might be implemented wi...Rule Medium Severity -
CA IDMS must secure the ability to create, alter, drop, grant, and revoke user and/or system profiles to users or groups.
<VulnDiscussion>Even when using an external security manager (ESM), IDMS system and user profiles which reside in an IDMS user catalog may be...Rule Medium Severity -
SRG-APP-000141-DB-000090
<GroupDescription></GroupDescription>Group -
The EMPDEMO databases, database objects, and applications must be removed.
<VulnDiscussion>Demonstration and sample database objects and applications present publicly known attack points for malicious users. These de...Rule Low Severity -
SRG-APP-000141-DB-000091
<GroupDescription></GroupDescription>Group -
Default demonstration and sample databases, database objects, and applications must be removed.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Low Severity -
SRG-APP-000141-DB-000092
<GroupDescription></GroupDescription>Group -
IDMS components that cannot be uninstalled must be disabled.
<VulnDiscussion>DBMSs must adhere to the principles of least functionality by providing only essential capabilities. At installation, all CA ...Rule Low Severity -
SRG-APP-000142-DB-000094
<GroupDescription></GroupDescription>Group -
IDMS nodes, lines, and pterms must be protected from unauthorized use.
<VulnDiscussion>In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e....Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.