IDMS must protect against the use of default userids.
An XCCDF Rule
Description
<VulnDiscussion>Default sign-ons can be used by individuals to perform adverse actions anonymously.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-251594r960864_rule
- Severity
- Low
- References
- Updated
Remediation - Manual Procedure
Set DFLTSGN=NO and remove the DFLTUID from the #SECRTT INITIAL macro that is input to the RHDCSRTT module, then reassemble and relink RHDCSRTT.
After making the above changes, assemble and link RHDCSRTT to create a new SRTT. To implement the new SRTT, either recycle any CVs that use the SRTT or issue these commands:
DCMT VARY NUCLEUS MODULE RHDCSRTT NEW COPY
DCMT VARY NUCLEUS RELOAD