Skip to content

IDMS must use the ESM to generate auditable records for commands and utilities when DoD-defined auditable events occur.

An XCCDF Rule

Description

<VulnDiscussion>Audit records provide a tool to help research events within IDMS. IDMS itself does not produce audit records but, when external security is in place, records can be produced through the ESM. IDMS relies on the ESM to log organization-defined auditable events. To ensure that all secure actions are logged, those actions must be defined to the IDMS Security Resource Type Table (SRTT) with a type of external security. When IDMS has to perform a given security check, it will defer to the ESM to determine the user's authorization. The auditing functionality of the ESM can be used to track the IDMS security calls. Some organization-defined auditable events are expected to be handled solely by the ESM. This would include requirements such as "successful and unsuccessful attempts to modify or delete privileges, security objects, security levels, or categories of information" as well as "account creation, modification, disablement, or termination." For the audit logging of other organization-defined auditable events, IDMS requires RHDCSRTT security module set up to route requests for these events through the ESM. This will ensure that they are audited appropriately. The following resource types must be defined with SECBY type of EXTERNAL in the RHDCSRTT load module to achieve the appropriate level of audit logging. If there is not a resource type definition with a security type of EXTERNAL for the following resources, this is a finding.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-251600r807996_rule
Severity
High
References
Updated



Remediation - Manual Procedure

If the IDMSUTAB load module needs to be updated to secure and audit the OCF/BCF commands, re-run the #UTABGEN macro to create an updated version. Here is an example of the syntax:
#UTABGEN (FORMAT,14,PRINTPAGE,14)

This syntax assigns the FORMAT and PRINTPAGE commands to activity 14, which can now be secured by the RHDCSRTT module.

If the IDMSCTAB load module needs updated to secure and audit the DCMT commands, update the #CTABGEN macro to create an updated version. Here is an example of the syntax: