Database utilities must be secured in CA IDMS and permissions given to appropriate role(s)/group(s) in the external security manager (ESM).
An XCCDF Rule
Description
IDMS has tasks that are used to perform necessary maintenance, but in the wrong hands could damage the integrity of the DBMS. Tasks that can change database structure must be protected.
Satisfies: SRG-APP-000133-DB-000362, SRG-APP-000380-DB-000360
- ID: SV-251605r960960_rule
- Severity: Medium
Remediation - Manual Procedure
Create an entry in the SRTT and compile into the module RHDCSRTT for the security domain that defined the resource type of ACTI. The external class and external name construction rules must be specified. For example:
#SECRTT TYPE=ENTRY,RESTYPE=ACTI,SECBY=EXTERNAL,EXTCLS='CA@IDMS',EXTNAME=(RESNAME,ACTIVITY)
Compile IDMSUTAB into the custom loadlib, specifying the activity number associated with the utility statement on the #UTABGEN macro. For example: #UTABGEN (A,3),(OCF,EXPANDPAGE,I). The ACTIVITY passed to the ESM is up to the first five bytes of the application name followed by the three-byte activity number. With the activity number "3" in the #UTABGEN, the ACTIVITY sent to the ESM would be OCF003.