Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
For interactive sessions, IDMS must limit the number of concurrent sessions for the same user to one or allow unlimited sessions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-251582 | IDMS-DB-000010 | SV-251582r807613_rule | Medium |
| Description |
|---|
| Multiple interactive sessions can provide a way to cause a DoS attack against IDMS if a user ID and password were compromised. Not allowing multiple sign-ons can mitigate the risk of malicious attacks using multiple sessions for a user. |
| STIG | Date |
|---|---|
| CA IDMS Security Technical Implementation Guide | 2022-09-07 |
Details
| Check Text ( C-55017r807611_chk ) |
|---|
| Use task SYSGEN if online, or program RHDCSGEN if batch. Sign on to the dictionary where the System definition is maintained: "SIGNON DICTIONARY SYSTEM.", for example. Enter: "DISPLAY SYSTEM 123." where 123 is the number of the system being checked. Scroll through the returned text until "MULTIPLE SIGNON" is found. If the associated value is "YES", this is a finding. |
| Fix Text (F-54971r807612_fix) |
|---|
| Use TASK SYSGEN if online, or program RHDCSGEN if batch. Sign on to the dictionary where the system definition is maintained: "SIGNON DICTIONARY SYSTEM.", for example. Enter: "MODIFY SYSTEM 123 MULTIPLE SIGNON IS NO." where 123 is the number of the system being modified. Enter: "VALIDATE." Enter: "GENERATE." The change will become effective the next time the CV is stopped and started. |