IDMS must support the implementation of an external security manager (ESM) to handle account management and user accesses, etc.

An XCCDF Rule

Description

<VulnDiscussion>Internal security in a DBMS can be complex to implement and maintain with the increased possibility of no access or the wrong access to a needed resource. IDMS can be configured to use an ESM as the security repository allowing access rules to be added to already-known users.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-251583r960768_rule
Severity: Medium
References: CCI-000015
Updated: 17 days ago

The SRTT module must be coded to enable the desired security. When using an ESM, this could be done in the following manner:
 
#SECRTT TYPE=ENTRY,                          X
 RESTYPE=SGON,                                      X
 SECBY=EXTERNAL ,                               X
 EXTNAME=(RESNAME),                      X EXTCLS='CA@IDMS'

The RESNAME will be derived from the SYSTEM ID name in SYSGEN.

After making the above changes, ensure the ESM has the appropriate rules defined to give access to the desired users. For example, in a Top Secret environment where the SYSGEN SYSTEM ID is SYSO187:
TSS PER(user-id) CA@IDMS(SYSO187)

Also assemble and link RHDCSRTT to create a new SRTT. To implement the new SRTT, either recycle any CVs that use the SRTT or issue these commands:

   DCMT VARY NUCLEUS MODULE RHDCSRTT NEW COPY 
   DCMT VARY NUCLEUS RELOAD

IDMS must support the implementation of an external security manager (ESM) to handle account management and user accesses, etc.

Description

Remediation - Manual Procedure