II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000296-DB-000306
<GroupDescription></GroupDescription>Group -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session initiated by the terminal user.
<VulnDiscussion>If a user does not sign off a terminal after use, it can be used for illegitimate purposes. The IDMS RESOURCE TIMEOUT INTERVA...Rule Medium Severity -
SRG-APP-000296-DB-000306
<GroupDescription></GroupDescription>Group -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session by disconnecting or ending before an explicit logout.
<VulnDiscussion>If a user cannot explicitly end a DBMS session, the session may remain open and be exploited by an attacker; this is referred...Rule Medium Severity -
SRG-APP-000296-DB-000306
<GroupDescription></GroupDescription>Group -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate an external run-unit when a database request has not been made in an organizationally prescribed time frame.
<VulnDiscussion>If a user cannot explicitly end a DBMS session, the session may remain open and be exploited by an attacker; this is referred...Rule Medium Severity -
SRG-APP-000296-DB-000306
<GroupDescription></GroupDescription>Group -
CA IDMS CV must supply logout functionality to allow the user to implicitly terminate a batch external request unit when the batch job abnormally terminates.
<VulnDiscussion>IDMS must provide a facility by which an inactive user session may be terminated after a predetermined period of time.</Vu...Rule Medium Severity -
SRG-APP-000340-DB-000304
<GroupDescription></GroupDescription>Group -
IDMS must prevent users without the appropriate access from executing privileged functions or tasks within the IDMS environment.
<VulnDiscussion>In general, all functions within IDMS can be controlled, therefore it is up to the IDMS system administrator to determine whi...Rule Medium Severity -
SRG-APP-000340-DB-000304
<GroupDescription></GroupDescription>Group -
IDMS must prevent unauthorized users from executing certain privileged commands that can be used to change the runtime IDMS environment.
<VulnDiscussion>Ensure that a subset DCMT commands are secured so that only those with the appropriate authority are able to execute them. A...Rule Medium Severity -
SRG-APP-000340-DB-000304
<GroupDescription></GroupDescription>Group -
IDMS must protect its user catalogs and system dictionaries to prevent unauthorized users from bypassing or updating security settings.
<VulnDiscussion>Unauthorized access to user profiles, dictionaries, and user catalogs provides the ability to damage the IDMS system.</Vul...Rule Medium Severity -
SRG-APP-000342-DB-000302
<GroupDescription></GroupDescription>Group -
IDMS must restrict the use of code that provides elevated privileges to specific instances.
<VulnDiscussion>When a user has elevated privileges, they may be able to deliberately or inadvertently make alterations to the DBMS structure...Rule Medium Severity -
SRG-APP-000380-DB-000360
<GroupDescription></GroupDescription>Group -
CA IDMS programs that can be run through a CA IDMS CV must be defined to the CV.
<VulnDiscussion>The ability to add programs to be executed under IDMS can be a problem if malicious programs are added. CA IDMS must prevent ...Rule Medium Severity -
SRG-APP-000383-DB-000364
<GroupDescription></GroupDescription>Group -
IDMS terminal and lines that are not secure must be disabled.
<VulnDiscussion>Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.</VulnDiscussio...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.