Skip to content

I - Mission Critical Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000296-DB-000306

    <GroupDescription></GroupDescription>
    Group
  • CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session initiated by the terminal user.

    &lt;VulnDiscussion&gt;If a user does not sign off a terminal after use, it can be used for illegitimate purposes. The IDMS RESOURCE TIMEOUT INTERVA...
    Rule Medium Severity
  • SRG-APP-000296-DB-000306

    <GroupDescription></GroupDescription>
    Group
  • CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session by disconnecting or ending before an explicit logout.

    &lt;VulnDiscussion&gt;If a user cannot explicitly end a DBMS session, the session may remain open and be exploited by an attacker; this is referred...
    Rule Medium Severity
  • SRG-APP-000296-DB-000306

    <GroupDescription></GroupDescription>
    Group
  • CA IDMS CV must supply logout functionality to allow the user to implicitly terminate an external run-unit when a database request has not been made in an organizationally prescribed time frame.

    &lt;VulnDiscussion&gt;If a user cannot explicitly end a DBMS session, the session may remain open and be exploited by an attacker; this is referred...
    Rule Medium Severity
  • SRG-APP-000296-DB-000306

    <GroupDescription></GroupDescription>
    Group
  • CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a batch external request unit when the batch job abnormally terminates.

    &lt;VulnDiscussion&gt;IDMS must provide a facility by which an inactive user session may be terminated after a predetermined period of time.&lt;/Vu...
    Rule Medium Severity
  • SRG-APP-000340-DB-000304

    <GroupDescription></GroupDescription>
    Group
  • IDMS must prevent users without the appropriate access from executing privileged functions or tasks within the IDMS environment.

    &lt;VulnDiscussion&gt;In general, all functions within IDMS can be controlled, therefore it is up to the IDMS system administrator to determine whi...
    Rule Medium Severity
  • SRG-APP-000340-DB-000304

    <GroupDescription></GroupDescription>
    Group
  • IDMS must prevent unauthorized users from executing certain privileged commands that can be used to change the runtime IDMS environment.

    &lt;VulnDiscussion&gt;Ensure that a subset DCMT commands are secured so that only those with the appropriate authority are able to execute them. A...
    Rule Medium Severity
  • SRG-APP-000340-DB-000304

    <GroupDescription></GroupDescription>
    Group
  • IDMS must protect its user catalogs and system dictionaries to prevent unauthorized users from bypassing or updating security settings.

    &lt;VulnDiscussion&gt;Unauthorized access to user profiles, dictionaries, and user catalogs provides the ability to damage the IDMS system.&lt;/Vul...
    Rule Medium Severity
  • SRG-APP-000342-DB-000302

    <GroupDescription></GroupDescription>
    Group
  • IDMS must restrict the use of code that provides elevated privileges to specific instances.

    &lt;VulnDiscussion&gt;When a user has elevated privileges, they may be able to deliberately or inadvertently make alterations to the DBMS structure...
    Rule Medium Severity
  • SRG-APP-000380-DB-000360

    <GroupDescription></GroupDescription>
    Group
  • CA IDMS programs that can be run through a CA IDMS CV must be defined to the CV.

    &lt;VulnDiscussion&gt;The ability to add programs to be executed under IDMS can be a problem if malicious programs are added. CA IDMS must prevent ...
    Rule Medium Severity
  • SRG-APP-000383-DB-000364

    <GroupDescription></GroupDescription>
    Group
  • IDMS terminal and lines that are not secure must be disabled.

    &lt;VulnDiscussion&gt;Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.&lt;/VulnDiscussio...
    Rule Medium Severity
  • SRG-APP-000431-DB-000388

    <GroupDescription></GroupDescription>
    Group
  • CA IDMS must protect the system code and storage from corruption by user programs.

    &lt;VulnDiscussion&gt;Database management systems can maintain separate execution domains for each executing process by assigning each process a se...
    Rule Medium Severity
  • SRG-APP-000431-DB-000388

    <GroupDescription></GroupDescription>
    Group
  • CA IDMS must protect system and user code and storage from corruption by user programs.

    &lt;VulnDiscussion&gt;Database management systems can maintain separate execution domains for each executing process by assigning each process a se...
    Rule Medium Severity
  • SRG-APP-000431-DB-000388

    <GroupDescription></GroupDescription>
    Group
  • CA IDMS must prevent user code from issuing selected SVC privileged functions.

    &lt;VulnDiscussion&gt;If an SVC is used to facilitate interpartition communication for online applications executing under other DC systems, batch ...
    Rule Medium Severity
  • SRG-APP-000441-DB-000378

    <GroupDescription></GroupDescription>
    Group
  • The system storage used for data collection by the CA IDMS server must be protected.

    &lt;VulnDiscussion&gt;Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...
    Rule Medium Severity
  • SRG-APP-000441-DB-000378

    <GroupDescription></GroupDescription>
    Group
  • The cache table procedures and views used for performance enhancements for dynamic SQL must be protected.

    &lt;VulnDiscussion&gt;Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...
    Rule Medium Severity
  • SRG-APP-000441-DB-000378

    <GroupDescription></GroupDescription>
    Group
  • The storage used for data collection by CA IDMS web services must be protected.

    &lt;VulnDiscussion&gt;Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...
    Rule Medium Severity
  • SRG-APP-000441-DB-000378

    <GroupDescription></GroupDescription>
    Group
  • The storage used for data collection by CA IDMS Server and CA IDMS Web Services must be protected from online display and update.

    &lt;VulnDiscussion&gt;Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...
    Rule Medium Severity
  • SRG-APP-000447-DB-000393

    <GroupDescription></GroupDescription>
    Group
  • IDMS must check for invalid data and behave in a predictable manner when encountered.

    &lt;VulnDiscussion&gt;A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or uni...
    Rule Medium Severity
  • SRG-APP-000456-DB-000390

    <GroupDescription></GroupDescription>
    Group
  • Maintenance for security-related software updates for CA IDMS modules must be provided.

    &lt;VulnDiscussion&gt;When a problem is found in IDMS, corrective maintenance is published to correct the problem (including security related probl...
    Rule Medium Severity
  • SRG-APP-000001-DB-000031

    <GroupDescription></GroupDescription>
    Group
  • The DBMS must develop a procedure to limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.

    &lt;VulnDiscussion&gt;Database management includes the ability to control the number of users and user sessions utilizing a DBMS. Unlimited concurr...
    Rule Medium Severity
  • SRG-APP-000266-DB-000162

    <GroupDescription></GroupDescription>
    Group
  • The DBMS must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

    &lt;VulnDiscussion&gt;Any DBMS or associated application providing too much information in error messages on the screen or printout risks compromis...
    Rule Medium Severity
  • SRG-APP-000428-DB-000386

    <GroupDescription></GroupDescription>
    Group
  • CA IDMS must use pervasive encryption to cryptographically protect the confidentiality and integrity of all information at rest in accordance with data owner requirements.

    &lt;VulnDiscussion&gt;This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers...
    Rule High Severity
  • SRG-APP-000313-DB-000309

    <GroupDescription></GroupDescription>
    Group
  • The DBMS must associate organization-defined types of security labels having organization-defined security label values with information in process.

    &lt;VulnDiscussion&gt;Without the association of security labels to information, there is no basis for the DBMS to make security-related access-con...
    Rule Medium Severity
  • SRG-APP-000514-DB-000383

    <GroupDescription></GroupDescription>
    Group
  • CA IDMS must implement NIST FIPS 140-2 validated cryptographic modules to protect data-in-transit.

    &lt;VulnDiscussion&gt;Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The applicatio...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules