CA IDMS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000251-DB-000391
<GroupDescription></GroupDescription>Group -
CA IDMS must limit the use of dynamic statements in applications, procedures, and exits to circumstances determined by the organization.
<VulnDiscussion>Dynamic SQL statements are compiled at runtime and, if manipulated by an unauthorized user, can produce an innumerable array ...Rule Medium Severity -
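The failure mode behind this rule, shown as an added example that is not part of the STIG or of CA IDMS: a statement whose text is assembled from caller input at runtime can be rewritten by that input, while a fixed statement with a host variable cannot. The example uses Python's bundled sqlite3 engine and a constructed EMPLOYEE table as a stand-in for an IDMS SQL schema; the engine, table, data and function names are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample data standing in for a DBMS table; not an IDMS schema.
SAMPLE_ROWS = [
    (1, "ALICE", "PAYROLL", 90000),
    (2, "BOB", "PAYROLL", 85000),
    (3, "CAROL", "HR", 70000),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employee (emp_id INTEGER, name TEXT, dept TEXT, salary INTEGER)"
    )
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_dynamic(conn, dept):
    """Dynamic statement: the SQL text is built at runtime from caller input.

    Whatever the caller supplies becomes part of the statement that is compiled,
    so input such as  HR' OR '1'='1  changes the WHERE clause itself.
    """
    sql = "SELECT name FROM employee WHERE dept = '" + dept + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_static(conn, dept):
    """Fixed statement text with a host variable (parameter marker).

    The statement shape is fixed before any input is seen; the input is bound
    as data and can only ever be compared against the DEPT column.
    """
    sql = "SELECT name FROM employee WHERE dept = ?"
    return [row[0] for row in conn.execute(sql, (dept,))]


def demonstrate():
    """Run both lookups with a benign value and with a manipulated one."""
    conn = make_db()
    hostile = "HR' OR '1'='1"
    return {
        "dynamic_benign": lookup_dynamic(conn, "HR"),
        "dynamic_hostile": lookup_dynamic(conn, hostile),
        "static_benign": lookup_static(conn, "HR"),
        "static_hostile": lookup_static(conn, hostile),
    }


if __name__ == "__main__":
    for label, names in demonstrate().items():
        print(f"{label:16s} -> {names}")
```

The manipulated input makes the dynamic lookup return every employee, while the same input given to the fixed statement matches no department at all. That contrast is why the rule asks that dynamic statements be confined to circumstances the organization has reviewed rather than used as a general convenience.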
SRG-APP-000251-DB-000391
<GroupDescription></GroupDescription>Group -
CA IDMS must automatically terminate a terminal session after organization-defined conditions or trigger events of terminal inactivity time.
<VulnDiscussion>A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user...Rule Medium Severity -
SRG-APP-000295-DB-000305
<GroupDescription></GroupDescription>Group -
CA IDMS must automatically terminate a batch external request unit after organization-defined conditions or trigger events after the batch program abnormally terminates.
<VulnDiscussion>A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user...Rule Medium Severity -
SRG-APP-000295-DB-000305
<GroupDescription></GroupDescription>Group -
CA IDMS must automatically terminate an external run-unit after organization-defined conditions or trigger events of time waiting to issue a database request.
<VulnDiscussion>Inactive sessions, such as a logged on user who leaves their terminal, may give a bad actor access to the system.</VulnDis...Rule Medium Severity -
SRG-APP-000295-DB-000305
<GroupDescription></GroupDescription>Group -
CA IDMS must automatically terminate a task or session after organization-defined conditions or trigger events of time waiting to get a resource and/or time of inactivity.
<VulnDiscussion>A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user...Rule Medium Severity -
SRG-APP-000296-DB-000306
<GroupDescription></GroupDescription>Group -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session initiated by the terminal user.
<VulnDiscussion>If a user does not sign off a terminal after use, it can be used for illegitimate purposes. The IDMS RESOURCE TIMEOUT INTERVA...Rule Medium Severity -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session by disconnecting or ending before an explicit logout.
<VulnDiscussion>If a user cannot explicitly end a DBMS session, the session may remain open and be exploited by an attacker; this is referred...Rule Medium Severity -
SRG-APP-000296-DB-000306
<GroupDescription></GroupDescription>Group -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate an external run-unit when a database request has not been made in an organizationally prescribed time frame.
<VulnDiscussion>If a user cannot explicitly end a DBMS session, the session may remain open and be exploited by an attacker; this is referred...Rule Medium Severity -
SRG-APP-000296-DB-000306
<GroupDescription></GroupDescription>Group -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a batch external request unit when the batch job abnormally terminates.
<VulnDiscussion>IDMS must provide a facility by which an inactive user session may be terminated after a predetermined period of time.</Vu...Rule Medium Severity -
SRG-APP-000340-DB-000304
<GroupDescription></GroupDescription>Group -
IDMS must prevent users without the appropriate access from executing privileged functions or tasks within the IDMS environment.
<VulnDiscussion>In general, all functions within IDMS can be controlled, therefore it is up to the IDMS system administrator to determine whi...Rule Medium Severity -
SRG-APP-000340-DB-000304
<GroupDescription></GroupDescription>Group -
IDMS must prevent unauthorized users from executing certain privileged commands that can be used to change the runtime IDMS environment.
<VulnDiscussion>Ensure that a subset of DCMT commands are secured so that only those with the appropriate authority are able to execute them. A...Rule Medium Severity -
CA IDMS must protect the system code and storage from corruption by user programs.
<VulnDiscussion>Database management systems can maintain separate execution domains for each executing process by assigning each process a se...Rule Medium Severity -
SRG-APP-000431-DB-000388
<GroupDescription></GroupDescription>Group -
CA IDMS must protect system and user code and storage from corruption by user programs.
<VulnDiscussion>Database management systems can maintain separate execution domains for each executing process by assigning each process a se...Rule Medium Severity -
SRG-APP-000431-DB-000388
<GroupDescription></GroupDescription>Group -
CA IDMS must prevent user code from issuing selected SVC privileged functions.
<VulnDiscussion>If an SVC is used to facilitate interpartition communication for online applications executing under other DC systems, batch ...Rule Medium Severity -
SRG-APP-000441-DB-000378
<GroupDescription></GroupDescription>Group -
The system storage used for data collection by the CA IDMS server must be protected.
<VulnDiscussion>Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...Rule Medium Severity -
SRG-APP-000441-DB-000378
<GroupDescription></GroupDescription>Group -
The cache table procedures and views used for performance enhancements for dynamic SQL must be protected.
<VulnDiscussion>Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...Rule Medium Severity -
SRG-APP-000441-DB-000378
<GroupDescription></GroupDescription>Group -
The storage used for data collection by CA IDMS web services must be protected.
<VulnDiscussion>Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...Rule Medium Severity -
SRG-APP-000441-DB-000378
<GroupDescription></GroupDescription>Group -
The storage used for data collection by CA IDMS Server and CA IDMS Web Services must be protected from online display and update.
<VulnDiscussion>Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...Rule Medium Severity -
SRG-APP-000447-DB-000393
<GroupDescription></GroupDescription>Group -
IDMS must check for invalid data and behave in a predictable manner when encountered.
<VulnDiscussion>A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or uni...Rule Medium Severity -
SRG-APP-000456-DB-000390
<GroupDescription></GroupDescription>Group -
Maintenance for security-related software updates for CA IDMS modules must be provided.
<VulnDiscussion>When a problem is found in IDMS, corrective maintenance is published to correct the problem (including security related probl...Rule Medium Severity -
SRG-APP-000001-DB-000031
<GroupDescription></GroupDescription>Group -
The DBMS must develop a procedure to limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.
<VulnDiscussion>Database management includes the ability to control the number of users and user sessions utilizing a DBMS. Unlimited concurr...Rule Medium Severity -
SRG-APP-000266-DB-000162
<GroupDescription></GroupDescription>Group -
The DBMS must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
<VulnDiscussion>Any DBMS or associated application providing too much information in error messages on the screen or printout risks compromis...Rule Medium Severity -
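One way to meet this requirement in an application layer in front of the DBMS, shown as an added example rather than anything from the STIG or from CA IDMS: the full error (SQL code, object names, internal paths) is written to an audit record under a reference number, and the terminal user sees only a generic message carrying that reference and the corrective action for the error class. The error object, the class-to-message table and the audit list are constructed for illustration and are assumptions, not IDMS interfaces.

```python
import uuid

# Constructed error classes and the user-facing guidance for each; the
# guidance tells the user what to do without naming objects or internals.
USER_MESSAGES = {
    "syntax": "The statement could not be processed. Check the statement and resubmit.",
    "authority": "You are not authorized to perform this operation. Contact the data owner.",
    "internal": "The request could not be completed. Report the reference number to support.",
}

# In-memory audit trail standing in for a protected log destination.
AUDIT_LOG = []


class DbmsError(Exception):
    """Constructed stand-in for a DBMS error carrying internal detail."""

    def __init__(self, error_class, sqlcode, detail):
        super().__init__(detail)
        self.error_class = error_class
        self.sqlcode = sqlcode
        self.detail = detail


def build_error_response(exc, privileged=False):
    """Return (user_message, reference) for an error and record the detail.

    Non-privileged users receive only the generic guidance plus a reference
    number. Privileged users (e.g. a DBA session) get the SQL code and detail
    inline, since the same information is already available to them.
    """
    reference = uuid.uuid4().hex[:8].upper()
    AUDIT_LOG.append(
        {
            "reference": reference,
            "class": exc.error_class,
            "sqlcode": exc.sqlcode,
            "detail": exc.detail,
        }
    )
    guidance = USER_MESSAGES.get(exc.error_class, USER_MESSAGES["internal"])
    if privileged:
        return f"{guidance} [ref {reference}] SQLCODE {exc.sqlcode}: {exc.detail}", reference
    return f"{guidance} [ref {reference}]", reference


def audit_record(reference):
    """Look up the stored detail for a reference number handed in by a user."""
    for record in AUDIT_LOG:
        if record["reference"] == reference:
            return record
    return None


if __name__ == "__main__":
    # Constructed sample error with the kind of detail that must not reach the screen.
    err = DbmsError("authority", -551,
                    "USER PAYCLERK LACKS SELECT ON PAYROLL.EMPSAL; AREA PAYDB.PAYAREA1")
    msg, ref = build_error_response(err)
    print(msg)
    print(audit_record(ref))
```

The reference number is what lets a help desk or DBA retrieve the detail from the audit record when the user reports the problem, so nothing needed for diagnosis is lost by withholding it from the screen.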
SRG-APP-000428-DB-000386
<GroupDescription></GroupDescription>Group -
CA IDMS must use pervasive encryption to cryptographically protect the confidentiality and integrity of all information at rest in accordance with data owner requirements.
<VulnDiscussion>This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers...Rule Medium Severity -
SRG-APP-000313-DB-000309
<GroupDescription></GroupDescription>Group -
The DBMS must associate organization-defined types of security labels having organization-defined security label values with information in process.
<VulnDiscussion>Without the association of security labels to information, there is no basis for the DBMS to make security-related access-con...Rule Medium Severity -
SRG-APP-000514-DB-000383
<GroupDescription></GroupDescription>Group -
CA IDMS must implement NIST FIPS 140-2 validated cryptographic modules to protect data-in-transit.
<VulnDiscussion>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The applicatio...Rule Medium Severity