IDMS must protect its user catalogs and system dictionaries to prevent unauthorized users from bypassing or updating security settings.

An XCCDF Rule

Description

Unauthorized access to user profiles, dictionaries, and user catalogs provides the ability to damage the IDMS system.

Documentable: false

ID
SV-251638r961353_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

For database object resources that are not found in SECRTT, or that are found to be secured internally, secure them through the external security manager (ESM) chosen by the organization (e.g., TSS, ACF2, RACF). Users, groups, roles, etc., are defined to the ESM, and authorization for ownership is determined there. Once the resources are externally secured, create or modify the #SECRTT entries to specify TYPE=ENTRY and TYPE=OCCURRENCE for the database resource type with the parameter SECBY=EXTERNAL. Use the RESTYPE DB, which implicitly includes the subtypes AREA, NRU, QSCH, NSCH, TABL, DACC, and SACC. An entry must be added for each subtype. The restypes for database tables and DMCLs are DBTB and DMCL, respectively.
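One way to audit an existing #SECRTT source member against this procedure, as an added example that is not part of the STIG or of IDMS: the script parses the macro statements and reports, for each resource type named above plus UPRF, whether an entry exists and is SECBY=EXTERNAL. The function names, the required-type list and the sample source are assumptions constructed for illustration; continuation follows the assembler rule of a non-blank character in column 72.

```python
import re
# Resource types named in this rule; treating exactly this list as required is an assumption.
REQUIRED = ("AREA", "NRU", "QSCH", "NSCH", "TABL", "DACC", "SACC",
            "DBTB", "DMCL", "UPRF")

def parse_secrtt(source):
    """Return one {KEYWORD: value} dict per #SECRTT statement."""
    # A statement continues only when column 72 is non-blank. Only simple
    # KEYWORD=value operands are read, which covers TYPE, RESTYPE and SECBY.
    stmts, current = [], None
    for raw in source.splitlines():
        if raw.startswith("*"):              # full-line comment
            continue
        fields = raw[:71].split()
        if current is None:
            if "#SECRTT" not in fields:
                continue
            fields = fields[fields.index("#SECRTT") + 1:]
            current = {}
        if fields:                           # first token is the operand field
            current.update(re.findall(r"(\w+)=(\w+)", fields[0]))
        if len(raw) < 72 or raw[71] == " ":  # no continuation mark: statement ends
            stmts.append(current)
            current = None
    return stmts + ([current] if current is not None else [])

def audit(source, required=REQUIRED):
    """Map each required RESTYPE to 'ok', 'missing' or 'not external'."""
    seen = {}
    for s in parse_secrtt(source):
        if s.get("TYPE") in ("ENTRY", "OCCURRENCE") and "RESTYPE" in s:
            seen.setdefault(s["RESTYPE"], []).append(s.get("SECBY"))
    return {r: "missing" if r not in seen else
               "ok" if all(v == "EXTERNAL" for v in seen[r]) else "not external"
            for r in required}

def card(text, cont=False):
    """Pad a source line to column 71; an 'X' in column 72 marks continuation."""
    return text.ljust(71) + ("X" if cont else "")

# Constructed sample source, not taken from any real system.
SAMPLE = "\n".join([
    card("         #SECRTT TYPE=ENTRY,", True),
    card("               RESTYPE=UPRF,", True),
    card("               SECBY=EXTERNAL"),
    card("         #SECRTT TYPE=ENTRY,RESTYPE=AREA,SECBY=INTERNAL"),
    card("         #SECRTT TYPE=ENTRY,RESTYPE=DMCL,"),  # continuation mark lost
    card("               SECBY=EXTERNAL"),
])
```

Calling `audit(SAMPLE)` reports UPRF as ok, AREA as not external, and the remaining types as missing. DMCL is also reported as not external, because the lost continuation mark cuts the statement off before its SECBY operand.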

Update the #SECRTT macro to contain the following entries:
#SECRTT    TYPE=ENTRY,                                        X
      RESTYPE=UPRF,                                           X
      SECBY=EXTERNAL,                                         X