II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000296-DB-000306
Group -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session initiated by the terminal user.
If a user does not sign off a terminal after use, it can be used for illegitimate purposes. The IDMS RESOURCE TIMEOUT INTERVAL allows the organization to set a limit to the amount of time it can be...Rule Medium Severity -
SRG-APP-000296-DB-000306
Group -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session by disconnecting or ending before an explicit logout.
If a user cannot explicitly end a DBMS session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Such logouts may be explicit or implicit. Exam...Rule Medium Severity -
SRG-APP-000296-DB-000306
Group -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate an external run-unit when a database request has not been made in an organizationally prescribed time frame.
If a user cannot explicitly end a DBMS session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Such logout may be explicit or implicit. Examp...Rule Medium Severity -
SRG-APP-000296-DB-000306
Group -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a batch external request unit when the batch job abnormally terminates.
IDMS must provide a facility by which an inactive user session may be terminated after a predetermined period of time.Rule Medium Severity -
SRG-APP-000340-DB-000304
Group -
IDMS must prevent users without the appropriate access from executing privileged functions or tasks within the IDMS environment.
In general, all functions within IDMS can be controlled, therefore it is up to the IDMS system administrator to determine which functions or tasks are secured or require proper authorization. Any f...Rule Medium Severity -
SRG-APP-000340-DB-000304
Group -
IDMS must prevent unauthorized users from executing certain privileged commands that can be used to change the runtime IDMS environment.
Ensure that a subset DCMT commands are secured so that only those with the appropriate authority are able to execute them. Access to these DCMT commands can allow a user to circumvent defined secu...Rule Medium Severity -
SRG-APP-000340-DB-000304
Group -
IDMS must protect its user catalogs and system dictionaries to prevent unauthorized users from bypassing or updating security settings.
Unauthorized access to user profiles, dictionaries, and user catalogs provides the ability to damage the IDMS system.Rule Medium Severity -
SRG-APP-000342-DB-000302
Group -
IDMS must restrict the use of code that provides elevated privileges to specific instances.
When a user has elevated privileges, they may be able to deliberately or inadvertently make alterations to the DBMS structure or data.Rule Medium Severity -
SRG-APP-000380-DB-000360
Group -
CA IDMS programs that can be run through a CA IDMS CV must be defined to the CV.
The ability to add programs to be executed under IDMS can be a problem if malicious programs are added. CA IDMS must prevent installation of unauthorized programs and the ability to dynamically reg...Rule Medium Severity -
SRG-APP-000383-DB-000364
Group -
IDMS terminal and lines that are not secure must be disabled.
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.Rule Medium Severity -
SRG-APP-000431-DB-000388
Group -
CA IDMS must protect the system code and storage from corruption by user programs.
Database management systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each process has a distinct address space so that ...Rule Medium Severity -
SRG-APP-000431-DB-000388
Group -
CA IDMS must protect system and user code and storage from corruption by user programs.
Database management systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each process has a distinct address space so that ...Rule Medium Severity -
SRG-APP-000431-DB-000388
Group -
CA IDMS must prevent user code from issuing selected SVC privileged functions.
If an SVC is used to facilitate interpartition communication for online applications executing under other DC systems, batch application programs, and programs executed under TP monitors other than...Rule Medium Severity -
SRG-APP-000441-DB-000378
Group -
The system storage used for data collection by the CA IDMS server must be protected.
Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, an...Rule Medium Severity -
SRG-APP-000441-DB-000378
Group -
The cache table procedures and views used for performance enhancements for dynamic SQL must be protected.
Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, an...Rule Medium Severity -
SRG-APP-000441-DB-000378
Group -
The storage used for data collection by CA IDMS web services must be protected.
Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, an...Rule Medium Severity -
SRG-APP-000441-DB-000378
Group -
The storage used for data collection by CA IDMS Server and CA IDMS Web Services must be protected from online display and update.
Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, an...Rule Medium Severity -
SRG-APP-000447-DB-000393
Group -
IDMS must check for invalid data and behave in a predictable manner when encountered.
A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs, where information syst...Rule Medium Severity -
SRG-APP-000456-DB-000390
Group -
Maintenance for security-related software updates for CA IDMS modules must be provided.
When a problem is found in IDMS, corrective maintenance is published to correct the problem (including security related problems). Published fixes should be applied to the IDMS system to correct an...Rule Medium Severity -
SRG-APP-000001-DB-000031
Group -
The DBMS must develop a procedure to limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.
Database management includes the ability to control the number of users and user sessions utilizing a DBMS. Unlimited concurrent connections to the DBMS could allow a successful Denial of Service (...Rule Medium Severity -
SRG-APP-000266-DB-000162
Group -
The DBMS must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
Any DBMS or associated application providing too much information in error messages on the screen or printout risks compromising the data and security of the system. The structure and content of er...Rule Medium Severity -
SRG-APP-000428-DB-000386
Group -
CA IDMS must use pervasive encryption to cryptographically protect the confidentiality and integrity of all information at rest in accordance with data owner requirements.
This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. Information at rest refers to ...Rule High Severity -
SRG-APP-000313-DB-000309
Group -
The DBMS must associate organization-defined types of security labels having organization-defined security label values with information in process.
Without the association of security labels to information, there is no basis for the DBMS to make security-related access-control decisions. Security labels are abstractions representing the basic...Rule Medium Severity -
SRG-APP-000514-DB-000383
Group -
CA IDMS must implement NIST FIPS 140-2 validated cryptographic modules to protect data-in-transit.
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must implement cryptographic modules adhering to the higher standards ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.