Skip to content

CA IDMS must secure the ability to create, alter, drop, grant, and revoke user and/or system profiles to users or groups.

An XCCDF Rule

Description

<VulnDiscussion>Even when using an external security manager (ESM), IDMS system and user profiles which reside in an IDMS user catalog may be assigned to users or groups. The ability to administer user and system profiles must be secured.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-251607r807688_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

The SRTT module must be coded to secure SYSADMIN. When using an ESM, this could be done in the following manner:
 
#SECRTT TYPE=ENTRY,                            X
 RESTYPE=SYSA,                                         X
 SECBY=EXTERNAL ,                                  X
 EXTNAME=(ENVIR,RESTYPE),              X