III - Administrative Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000133-DB-000362
Group -
The programs that can be run through a CA IDMS CV must be defined to the CV to prevent installation of unauthorized programs; must have the ability to dynamically register new programs; and must have the ability to secure tasks.
The IDMS SYSGEN must be protected against unauthorized changes. Satisfies: SRG-APP-000133-DB-000362, SRG-APP-000378-DB-000365Rule Medium Severity -
SRG-APP-000133-DB-000362
Group -
The commands that allow dynamic definitions of PROGRAM/TASK and the dynamic varying of memory must be secured.
IDMS provides commands that can change memory, the attributes of programs, or tasks and are meant for use by the appropriate administrators. These commands must be protected from use by the wrong p...Rule Medium Severity -
SRG-APP-000133-DB-000362
Group -
Databases must be secured to protect from structural changes.
Database objects, like areas and run units, can be changed or deleted if not protected. Steps must be taken to secure these objects via the external security manager (ESM). Satisfies: SRG-APP-0001...Rule Medium Severity -
SRG-APP-000133-DB-000362
Group -
Database utilities must be secured in CA IDMS and permissions given to appropriate role(s)/groups(s) in the external security manager (ESM).
IDMS has tasks that are used to perform necessary maintenance, but in the wrong hands could damage the integrity of the DBMS. Tasks that can change database structure must be protected. Satisfies:...Rule Medium Severity -
SRG-APP-000133-DB-000362
Group -
The online debugger which can change programs and storage in the CA IDMS address space must be secured.
If the DBMS were to allow any user to make changes to database structure or logic, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of ...Rule Medium Severity -
SRG-APP-000133-DB-000362
Group -
CA IDMS must secure the ability to create, alter, drop, grant, and revoke user and/or system profiles to users or groups.
Even when using an external security manager (ESM), IDMS system and user profiles which reside in an IDMS user catalog may be assigned to users or groups. The ability to administer user and system ...Rule Medium Severity -
SRG-APP-000141-DB-000090
Group -
The EMPDEMO databases, database objects, and applications must be removed.
Demonstration and sample database objects and applications present publicly known attack points for malicious users. These demonstration and sample objects are meant to provide simple examples of c...Rule Low Severity -
SRG-APP-000141-DB-000091
Group -
Default demonstration and sample databases, database objects, and applications must be removed.
Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizatio...Rule Low Severity -
SRG-APP-000141-DB-000092
Group -
IDMS components that cannot be uninstalled must be disabled.
DBMSs must adhere to the principles of least functionality by providing only essential capabilities. At installation, all CA IDMS products are installed but can be disabled (i.e., forced to fail if...Rule Low Severity -
SRG-APP-000142-DB-000094
Group -
IDMS nodes, lines, and pterms must be protected from unauthorized use.
In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.