IDMS must enforce applicable access control policies, even after a user successfully signs on to CV.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-251585	IDMS-DB-000040	SV-251585r807622_rule		High

Description
Unless the DBMS is secured properly, there are innumerable ways that a system and its data can be compromised. The IDMS SRTT is the basis for mitigating these problems.

STIG	Date
CA IDMS Security Technical Implementation Guide	2021-11-10

Details

Check Text ( C-55020r807620_chk )
Examine load module RHDCSRTT by executing CA IDMS utility IDMSSRTD, or by issuing command "DCMT DISPLAY SRTT" while signed onto the CV, and reviewing the output. Note: This requires PTFs SO07995 and SO09476. In the SRTT, resources are protected by #SECRTT TYPE=ENTRY and TYPE=OCCURRENCE statements. Examine the SRTT to ensure that there are #SECRTT statements for the desired recourses that have "SECBY=EXTERNAL". If there are none, this is a finding.

Check Text ( C-55020r807620_chk )

Examine load module RHDCSRTT by executing CA IDMS utility IDMSSRTD, or by issuing command "DCMT DISPLAY SRTT" while signed onto the CV, and reviewing the output.

Note: This requires PTFs SO07995 and SO09476.

In the SRTT, resources are protected by #SECRTT TYPE=ENTRY and TYPE=OCCURRENCE statements.

Examine the SRTT to ensure that there are #SECRTT statements for the desired recourses that have "SECBY=EXTERNAL". If there are none, this is a finding.

Fix Text (F-54974r807621_fix)
Secure the desired resources by updating RHDCSRTT adding #SECRTT TYPE=ENTRY and TYPE=OCCURRENCE statements as needed. For example: #SECRTT TYPE=ENTRY, X RESTYPE=resource, X SECBY=EXTERNAL, X EXTCLS='CA@IDMS', X EXTNAME=(your_extname) Before implementing changes, contact the security administrator and ensure that the external security manager (ESM) has the necessary rules for the EXTCLS and EXTNAME values that were chosen. These rules must then be given to the appropriate users. For instance, in Top Secret: TSS PER(user_id) CA@IDMS(your_extname) After making the above changes assemble and link RHDCSRTT to create a new SRTT. To implement the new SRTT, either recycle any CVs that use the SRTT or issue these commands: DCMT VARY NUCLEUS MODULE RHDCSRTT NEW COPY DCMT VARY NUCLEUS RELOAD

Fix Text (F-54974r807621_fix)

Secure the desired resources by updating RHDCSRTT adding #SECRTT TYPE=ENTRY and TYPE=OCCURRENCE statements as needed. For example:

#SECRTT TYPE=ENTRY, X
RESTYPE=resource, X
SECBY=EXTERNAL, X
EXTCLS='CA@IDMS', X
EXTNAME=(your_extname)

Before implementing changes, contact the security administrator and ensure that the external security manager (ESM) has the necessary rules for the EXTCLS and EXTNAME values that were chosen. These rules must then be given to the appropriate users. For instance, in Top Secret:
TSS PER(user_id) CA@IDMS(your_extname)

After making the above changes assemble and link RHDCSRTT to create a new SRTT. To implement the new SRTT, either recycle any CVs that use the SRTT or issue these commands:

DCMT VARY NUCLEUS MODULE RHDCSRTT NEW COPY
DCMT VARY NUCLEUS RELOAD