CA IDMS must secure the ability to create, alter, drop, grant, and revoke user and/or system profiles to users or groups.
An XCCDF Rule
Description
<VulnDiscussion>Even when using an external security manager (ESM), IDMS system and user profiles which reside in an IDMS user catalog may be assigned to users or groups. The ability to administer user and system profiles must be secured.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-251607r960960_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
The SRTT module must be coded to secure SYSADMIN. When using an ESM, this could be done in the following manner:
#SECRTT TYPE=ENTRY, X
RESTYPE=SYSA, X
SECBY=EXTERNAL , X
EXTNAME=(ENVIR,RESTYPE), X