DBMS authentication using passwords must be avoided.

An XCCDF Rule

Description

Passwords that are easy to guess open a vulnerability allowing an unauthorized user to potentially gain access to the DBMS. IDMS uses the External Security Manager (ESM) to enforce complexity and lifetime standards.

ID: SV-251613r981946_rule
Version: IDMS-DB-000330
Severity: Medium
References: CCI-000192
Updated: 24 days ago

Remediation Templates

The SRTT module must be coded to secure the system. When using an ESM, this could be done in the following manner:

               #SECRTT TYPE=ENTRY,                                   X
                          RESTYPE=SGON,                                   X
                          SECBY=EXTERNAL ,                               X
                         EXTNAME=(RESTYPE,RESNAME),        X                         EXTCLS='CA@IDMS'

EXTCLS maps the CA IDMS resource type to the resource class defined in the ESM. The EXTNAME defines the format of the resource name defined to the ESM.

After making the above changes, assemble and link RHDCSRTT to create a new SRTT. To implement the new SRTT, either recycle any CVs that use the SRTT or issue these commands:

   DCMT VARY NUCLEUS MODULE RHDCSRTT NEW COPY 
   DCMT VARY NUCLEUS RELOAD

Ensure the ESM has a corresponding entry to give access to the desired users. For instance, in Top Secret:
TSS PER(user_id) CA@IDMS(SGON.the_extname)

In ACF2:
$KEY(SGON.the_extname) TYPE(CA@IDMS) 
 UID(user_id) ALLOW

After making the above changes, assemble and link RHDCSRTT to create a new SRTT. To implement the new SRTT, either recycle any CVs that use the SRTT or issue these commands:

DCMT VARY NUCLEUS MODULE RHDCSRTT NEW COPY 
DCMT VARY NUCLEUS RELOAD

DBMS authentication using passwords must be avoided.

Description

Remediation Templates

A Manual Procedure