CA IDMS must permit the use of dynamic code execution only in circumstances determined by the organization and limit use of online and batch command facilities from which dynamic statements can be issued.

An XCCDF Rule

Description

<VulnDiscussion>The IDMS Common Facilities (BCF and OCF) can execute commands that can make updates to IDMS, and their use should be protected.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-251620r961158_rule
Severity: Medium
References: CCI-001310
Updated: 17 days ago

Create, or modify as needed, entries in the SRTT and then reassemble and relink the module RHDCSRTT for the security domain. An example of the external class and external name construction rules to secure OCF is:

#SECRTT TYPE=ENTRY,RESTYPE=TASK,SECBY=OFF,                                    X
  EXTNAME=(RESTYPE,RESNAME),EXTCLS='CA@IDMS'
#SECRTT TYPE=OCCUR,RESTYPE=TASK,RESNAME='OCF', SECBY=EXT
Consult with the security department to ensure that the ESM contains the correct rules to secure the entries and permit access to the appropriate users.

After making the above changes, assemble and link RHDCSRTT to create a new SRTT. To implement the new SRTT, either recycle any CVs that use the SRTT or issue these commands:
 
   DCMT VARY NUCLEUS MODULE RHDCSRTT NEW COPY 
   DCMT VARY NUCLEUS RELOAD

CA IDMS must permit the use of dynamic code execution only in circumstances determined by the organization and limit use of online and batch command facilities from which dynamic statements can be issued.

Description

Remediation - Manual Procedure