IDMS must reveal security-related messages only to authorized users.

An XCCDF Rule

Description

<VulnDiscussion>Error messages issued to non-privileged users may have contents that should be considered confidential. IDMS should be configured so that these messages are not issued to those users.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-251626r961170_rule
Severity: Medium
References: CCI-001314
Updated: 17 days ago

In the source for RHDCOPTF, add lines: 

         #DEFOPT OPT00051              <-for messages sent to user
         #DEFOPT OPT00226              <-for messages sent to IDMS log

Then, reassemble and relink RHDCOPTF. Reload RHDCOPTF in the CV by issuing the following commands:
DCMT VARY NUCLEUS MODULE RHDCOPTF NEW COPY 
DCMT VARY NUCLEUS RELOAD

Contact the security office to ensure that ADSOBPLG, the ADS print log utility, is secured via the ESM and assigned to the appropriate users, and that the ADS log file is secured from being read by others than ISSO, ISSM, SA, and DBA, also via the ESM.

IDMS must reveal security-related messages only to authorized users.

Description

Remediation - Manual Procedure