Skip to content
Log In

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000133-DB-000362

    Group
    Show

  • CA IDMS must secure the ability to create, alter, drop, grant, and revoke user and/or system profiles to users or groups.

    Even when using an external security manager (ESM), IDMS system and user profiles which reside in an IDMS user catalog may be assigned to users or groups. The ability to administer user and system ...
    Rule Medium Severity
    Show

  • SRG-APP-000141-DB-000090

    Group
    Show

  • The EMPDEMO databases, database objects, and applications must be removed.

    Demonstration and sample database objects and applications present publicly known attack points for malicious users. These demonstration and sample objects are meant to provide simple examples of c...
    Rule Low Severity
    Show

  • SRG-APP-000141-DB-000091

    Group
    Show

  • Default demonstration and sample databases, database objects, and applications must be removed.

    Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizatio...
    Rule Low Severity
    Show

  • SRG-APP-000141-DB-000092

    Group
    Show

  • IDMS components that cannot be uninstalled must be disabled.

    DBMSs must adhere to the principles of least functionality by providing only essential capabilities. At installation, all CA IDMS products are installed but can be disabled (i.e., forced to fail if...
    Rule Low Severity
    Show

  • SRG-APP-000142-DB-000094

    Group
    Show

  • IDMS nodes, lines, and pterms must be protected from unauthorized use.

    In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable...
    Rule Medium Severity
    Show

  • SRG-APP-000148-DB-000103

    Group
    Show

  • The IDMS environment must require sign-on for users and restrict them to only authorized functions.

    To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. Organizational use...
    Rule Medium Severity
    Show

  • SRG-APP-000164-DB-000401

    Group
    Show

  • DBMS authentication using passwords must be avoided.

    Passwords that are easy to guess open a vulnerability allowing an unauthorized user to potentially gain access to the DBMS. IDMS uses the External Security Manager (ESM) to enforce complexity and l...
    Rule Medium Severity
    Show

  • SRG-APP-000172-DB-000075

    Group
    Show

  • Passwords sent through ODBC/JDBC must be encrypted.

    Unencrypted passwords transmitted from ODBC and JDBC may be intercepted to prevent their being intercepted in a plain-text format.
    Rule Low Severity
    Show

  • SRG-APP-000180-DB-000115

    Group
    Show

  • The DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

    Non-organizational users include all information system users other than organizational users, which include organizational employees or individuals the organization deems to have equivalent status...
    Rule Medium Severity
    Show

  • SRG-APP-000225-DB-000153

    Group
    Show

  • IDMS executing in a local mode batch environment must be able to manually recover or restore database areas affected by failed transactions.

    Local mode update jobs can either use local mode journaling or perform a backup of the database prior to executing the local mode updates. Local mode journaling could be completed if the database ...
    Rule Low Severity
    Show

  • SRG-APP-000233-DB-000124

    Group
    Show

  • CA IDMS must isolate the security manager to which users, groups, roles are assigned authorities/permissions to resources.

    An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform security functions. Security functions are the hardware, software, and...
    Rule Medium Severity
    Show

  • SRG-APP-000243-DB-000373

    Group
    Show

  • IDMS must prevent unauthorized and unintended information transfer via database buffers.

    The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf...
    Rule Medium Severity
    Show

  • SRG-APP-000251-DB-000160

    Group
    Show

  • IDMS must check the validity of all data input unless the organization says otherwise.

    Invalid user input occurs when a user inserts data or characters into an application's data entry fields and the application is unprepared to process that data. This results in unanticipated applic...
    Rule Medium Severity
    Show

  • SRG-APP-000251-DB-000391

    Group
    Show

  • CA IDMS must permit the use of dynamic code execution only in circumstances determined by the organization and limit use of online and batch command facilities from which dynamic statements can be issued.

    The IDMS Common Facilities (BCF and OCF) can execute commands that can make updates to IDMS, and their use should be protected.
    Rule Medium Severity
    Show

  • SRG-APP-000251-DB-000391

    Group
    Show

  • CA IDMS must limit the use of dynamic statements in applications, procedures, and exits to circumstances determined by the organization.

    Dynamic SQL statements are compiled at runtime and, if manipulated by an unauthorized user, can produce an innumerable array of undesired results. These statements should not be used casually.
    Rule Medium Severity
    Show

  • SRG-APP-000251-DB-000391

    Group
    Show

  • CA IDMS must limit use of IDMS server used in issuing dynamic statements from client applications circumstances determined by the organization.

    Server tasks can execute dynamic SQL code and should be protected.
    Rule Medium Severity
    Show

  • SRG-APP-000251-DB-000392

    Group
    Show

  • CA IDMS and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.

    When the use of dynamic SQL is necessary, the code should be written so that the invalid data can be found and the appropriate action taken.
    Rule Medium Severity
    Show

  • SRG-APP-000266-DB-000162

    Group
    Show

  • IDMS must suppress security-related messages so that no information is returned that can be exploited.

    Error messages issued to non-privileged users may have contents that should be considered confidential. IDMS should be configured so that these messages are not issued to those users.
    Rule Medium Severity
    Show

  • SRG-APP-000266-DB-000162

    Group
    Show

  • Custom database code and associated application code must not contain information beyond what is needed for troubleshooting.

    Error codes issued by custom code could provide more information than needed for problem resolution and should be vetted to make sure this does not occur.
    Rule Medium Severity
    Show

  • SRG-APP-000267-DB-000163

    Group
    Show

  • IDMS must reveal security-related messages only to authorized users.

    Error messages issued to non-privileged users may have contents that should be considered confidential. IDMS should be configured so that these messages are not issued to those users.
    Rule Medium Severity
    Show

  • SRG-APP-000267-DB-000163

    Group
    Show

  • Custom database code and associated application code must reveal detailed error messages only to the Information System Security Officer (ISSO), Information System Security manager (ISSM), Systems Administrator (SA), and Database Administrator (DBA).

    Detailed error messages issued by custom or user-written code can possibly give too much detail to the users. This code should be examined to ensure that this does not happen.
    Rule Medium Severity
    Show

  • SRG-APP-000295-DB-000305

    Group
    Show

  • CA IDMS must automatically terminate a terminal session after organization-defined conditions or trigger events of terminal inactivity time.

    A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can ...
    Rule Medium Severity
    Show

  • SRG-APP-000295-DB-000305

    Group
    Show

  • CA IDMS must automatically terminate a batch external request unit after organization-defined conditions or trigger events after the batch program abnormally terminates.

    A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can ...
    Rule Medium Severity
    Show

  • SRG-APP-000295-DB-000305

    Group
    Show

  • CA IDMS must automatically terminate an external run-unit after organization-defined conditions or trigger events of time waiting to issue a database request.

    Inactive sessions, such as a logged on user who leaves their terminal, may give a bad actor access to the system.
    Rule Medium Severity
    Show

  • SRG-APP-000295-DB-000305

    Group
    Show

  • CA IDMS must automatically terminate a task or session after organization-defined conditions or trigger events of time waiting to get a resource and/or time of inactivity.

    A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can ...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules