CA IDMS must limit use of IDMS server used in issuing dynamic statements from client applications circumstances determined by the organization.

An XCCDF Rule

Description

<VulnDiscussion>Server tasks can execute dynamic SQL code and should be protected.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-251622r961158_rule
Severity: Medium
References: CCI-001310
Updated: 17 days ago

Create or modify as needed entries in the SRTT, then reassemble and relink module RHDCSRTT for the security domain. The external class and external name construction rules must be specified. The following is an example of how IDMSJSRV and CASERVER may be secured externally.

#SECRTT TYPE=ENTRY,RESTYPE=TASK,SECBY=OFF,EXTNAME=(RESTYPE,RESNAME),
  EXTCLS='CA@IDMS'
#SECRTT TYPE=OCCUR,RESTYPE=TASK,RESNAME='IDMSJSRV', SECBY=EXT
#SECRTT TYPE=OCCUR,RESTYPE=TASK,RESNAME='CASERVER', SECBY=EXT
Consult with the security department to ensure that the ESM contains the correct rules to secure the entries and permit access to the appropriate users.

After making the above changes, assemble and link RHDCSRTT to create a new SRTT. To implement the new SRTT, either recycle any CVs that use the SRTT or issue these commands:
 
   DCMT VARY NUCLEUS MODULE RHDCSRTT NEW COPY 
   DCMT VARY NUCLEUS RELOAD

CA IDMS must limit use of IDMS server used in issuing dynamic statements from client applications circumstances determined by the organization.

Description

Remediation - Manual Procedure