Skip to content

IDMS must prevent users without the appropriate access from executing privileged functions or tasks within the IDMS environment.

An XCCDF Rule

Description

<VulnDiscussion>In general, all functions within IDMS can be controlled, therefore it is up to the IDMS system administrator to determine which functions or tasks are secured or require proper authorization. Any function within the IDMS environment can be considered privileged if the administrator deems it appropriate. Access to different functions is protected through a number of load modules that are generated from assembler macros. The load modules are RHDCSRTT, IDMSCTAB, and IDMSUTAB. The related assembler macros are #SECRTT, #CTABGEN, and #UTABGEN. The #SECRTT macro is used to define different functions to the ESM so that they can be secured. The #UTABGEN macro is used to secure specific OCF/BCF commands. The #CTABGEN macro is used to secure DCMT commands. IDMS provides several tasks, programs and data sets that, in the wrong hands, could allow access to sensitive data or give access to make detrimental changes. These tasks, programs and data sets should be deemed privileged and protected from unauthorized users.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-251636r855274_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

1. Define the functions to secure using the #SECRTT, #CTABGEN, and #UTABGEN macros. See the IDMS documentation for information on how use these macros to secure the CA IDMS environment. 

2. Protect the IDMS macro libraries with the ESM's dataset level security (see the ESM's documentation to restrict access except for the administrators).

3. Protect the IDMS custom load library containing the RHDCUXIT, RHDCSRTT, IDMSCTAB, or IDMSUTAB modules. See the ESM's documentation to restrict access except for the IDMS Central Version, administrators, and any other users who require access.