I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000001-DB-000031
<GroupDescription></GroupDescription>Group -
For interactive sessions, IDMS must limit the number of concurrent sessions for the same user to one or allow unlimited sessions.
<VulnDiscussion>Multiple interactive sessions can provide a way to cause a DoS attack against IDMS if a user ID and password were compromised...Rule Medium Severity -
SRG-APP-000023-DB-000001
<GroupDescription></GroupDescription>Group -
IDMS must support the implementation of an external security manager (ESM) to handle account management and user accesses, etc.
<VulnDiscussion>Internal security in a DBMS can be complex to implement and maintain with the increased possibility of no access or the wrong...Rule Medium Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
IDMS must allow only authorized users to sign on to an IDMS CV.
<VulnDiscussion>Unauthorized users signing on to IDMS can pose varying amounts of risk depending upon the security of the IDMS resources in a...Rule High Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
IDMS must enforce applicable access control policies, even after a user successfully signs on to CV.
<VulnDiscussion>Unless the DBMS is secured properly, there are innumerable ways that a system and its data can be compromised. The IDMS SRTT ...Rule High Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
All installation-delivered IDMS USER-level tasks must be properly secured.
<VulnDiscussion>User-level tasks that are not secured may allow anyone who signs on to IDMS to use them to access and manipulate various reso...Rule Medium Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
All installation-delivered IDMS DEVELOPER-level tasks must be properly secured.
<VulnDiscussion>Developer-level tasks that are not secured may allow anyone who signs on to IDMS to use them to access and manipulate various...Rule Medium Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
All installation-delivered IDMS DBADMIN-level tasks must be properly secured.
<VulnDiscussion>DBA-level tasks that are not secured may allow anyone who signs on to IDMS to use them to access and manipulate various resou...Rule Medium Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
All installation-delivered IDMS DCADMIN-level tasks must be properly secured.
<VulnDiscussion>If DC Administrator-level tasks are not secured, any user logged on to IDMS may use them to access and manipulate various res...Rule Medium Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
All installation-delivered IDMS User-level programs must be properly secured.
<VulnDiscussion>If user-level programs are not secured, then unauthorized users may use them to access and manipulate various resources withi...Rule Medium Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
All installation-delivered IDMS Developer-level Programs must be properly secured.
<VulnDiscussion>Developer-level programs that are not secured may allow unauthorized users to access and manipulate various resources within ...Rule Medium Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
All installation-delivered IDMS Database-Administrator-level programs must be properly secured.
<VulnDiscussion>DBA-level programs that are not secured may allow unauthorized users to use them to access and manipulate various resources w...Rule Medium Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
All installation-delivered IDMS DC-Administrator-level programs must be properly secured.
<VulnDiscussion>DC Administrator-level programs that are not secured may allow unauthorized users to use them to access and manipulate variou...Rule Medium Severity -
SRG-APP-000080-DB-000063
<GroupDescription></GroupDescription>Group -
IDMS must protect against the use of default userids.
<VulnDiscussion>Default sign-ons can be used by individuals to perform adverse actions anonymously.</VulnDiscussion><FalsePositives&...Rule Low Severity -
SRG-APP-000080-DB-000063
<GroupDescription></GroupDescription>Group -
IDMS must protect against the use of external request exits that change the userid to a shared id when actions are performed that may be audited.
<VulnDiscussion>Non-repudiation of actions taken is required in order to maintain data integrity. Examples of particular actions taken by ind...Rule Low Severity -
SRG-APP-000080-DB-000063
<GroupDescription></GroupDescription>Group -
IDMS must protect against the use of numbered exits that change the userid to a shared id.
<VulnDiscussion>Non-repudiation of actions taken is required to maintain data integrity. Examples of particular actions taken by individuals ...Rule Low Severity -
SRG-APP-000080-DB-000063
<GroupDescription></GroupDescription>Group -
IDMS must protect against the use of web-based applications that use generic IDs.
<VulnDiscussion>Web-based applications that allow a generic ID can be a door into IDMS allowing unauthorized changes whose authors may not be...Rule Low Severity -
SRG-APP-000080-DB-000063
<GroupDescription></GroupDescription>Group -
IDMS must protect against the use web services that do not require a sign on when actions are performed that may be audited.
<VulnDiscussion>IDMS web services provide a way for web-based applications to access an IDMS database. If not secured, the Web services inter...Rule Low Severity -
SRG-APP-000089-DB-000064
<GroupDescription></GroupDescription>Group -
IDMS must use the ESM to generate auditable records for resources when DoD-defined auditable events occur.
<VulnDiscussion>Audit records provide a tool to help research events within IDMS. IDMS does not produce audit records, but when using externa...Rule High Severity -
SRG-APP-000089-DB-000064
<GroupDescription></GroupDescription>Group -
IDMS must use the ESM to generate auditable records for commands and utilities when DoD-defined auditable events occur.
<VulnDiscussion>Audit records provide a tool to help research events within IDMS. IDMS itself does not produce audit records but, when extern...Rule High Severity -
SRG-APP-000133-DB-000200
<GroupDescription></GroupDescription>Group -
Database objects in an IDMS environment must be secured to prevent privileged actions from being performed by unauthorized users.
<VulnDiscussion>If database objects like areas, schemas, and run units are not secured, they may be changed or deleted by unauthorized users....Rule Medium Severity -
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
The programs that can be run through a CA IDMS CV must be defined to the CV to prevent installation of unauthorized programs; must have the ability to dynamically register new programs; and must have the ability to secure tasks.
<VulnDiscussion>The IDMS SYSGEN must be protected against unauthorized changes. Satisfies: SRG-APP-000133-DB-000362, SRG-APP-000378-DB-00036...Rule Medium Severity -
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
The commands that allow dynamic definitions of PROGRAM/TASK and the dynamic varying of memory must be secured.
<VulnDiscussion>IDMS provides commands that can change memory, the attributes of programs, or tasks and are meant for use by the appropriate ...Rule Medium Severity -
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
Databases must be secured to protect from structural changes.
<VulnDiscussion>Database objects, like areas and run units, can be changed or deleted if not protected. Steps must be taken to secure these o...Rule Medium Severity -
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
Database utilities must be secured in CA IDMS and permissions given to appropriate role(s)/groups(s) in the external security manager (ESM).
<VulnDiscussion>IDMS has tasks that are used to perform necessary maintenance, but in the wrong hands could damage the integrity of the DBMS....Rule Medium Severity -
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
The online debugger which can change programs and storage in the CA IDMS address space must be secured.
<VulnDiscussion>If the DBMS were to allow any user to make changes to database structure or logic, then those changes might be implemented wi...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.