Skip to content

CA IDMS must permit the use of dynamic code execution only in circumstances determined by the organization and limit use of online and batch command facilities from which dynamic statements can be issued.

An XCCDF Rule

Description

<VulnDiscussion>The IDMS Common Facilities (BCF and OCF) can execute commands that can make updates to IDMS, and their use should be protected.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-251620r807727_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Create, or modify as needed, entries in the SRTT and then reassemble and relink the module RHDCSRTT for the security domain. An example of the external class and external name construction rules to secure OCF is:

#SECRTT TYPE=ENTRY,RESTYPE=TASK,SECBY=OFF,                                    X
  EXTNAME=(RESTYPE,RESNAME),EXTCLS='CA@IDMS'
#SECRTT TYPE=OCCUR,RESTYPE=TASK,RESNAME='OCF', SECBY=EXT