IDMS terminal and lines that are not secure must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-251641	IDMS-DB-000770	SV-251641r855279_rule		Medium

Description
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.

STIG	Date
CA IDMS Security Technical Implementation Guide	2022-09-07

Details

Check Text ( C-55076r807788_chk )
For each load area, run a CREPORT 43 to check the nodes and access types for each node. For each node, issue DCMT D LINE. For each LINE type with a status of InSrv, inspect the access type for potential unauthorized connection types. For TCP/IP, any line with access type SOCKET, issue DCMT D LINE . If any terminals are of type LIST and status InSrv, check port number for a valid port. If the port number is unacceptable as defined in the PPSM CAL, this is a finding. For each terminal with the type of LIST and InSrv, issue DCMT D PTE . For each task and (possible PARM STRING which could pass a task) identified in the PTE display, issue DCMT D TASK . If the task is IDMSJSRV and the associated program is RHDCNP3J, this is not a finding. If the task/program has not been authorized, this is a finding. If other access types (e.g., VTAM, SVC, CCI) have been deemed nonsecure in the PPSM CAL, this is a finding.

Check Text ( C-55076r807788_chk )

For each load area, run a CREPORT 43 to check the nodes and access types for each node. For each node, issue DCMT D LINE. For each LINE type with a status of InSrv, inspect the access type for potential unauthorized connection types.

For TCP/IP, any line with access type SOCKET, issue DCMT D LINE . If any terminals are of type LIST and status InSrv, check port number for a valid port. If the port number is unacceptable as defined in the PPSM CAL, this is a finding.

For each terminal with the type of LIST and InSrv, issue DCMT D PTE . For each task and (possible PARM STRING which could pass a task) identified in the PTE display, issue DCMT D TASK . If the task is IDMSJSRV and the associated program is RHDCNP3J, this is not a finding. If the task/program has not been authorized, this is a finding.

If other access types (e.g., VTAM, SVC, CCI) have been deemed nonsecure in the PPSM CAL, this is a finding.

Fix Text (F-55030r807789_fix)
For any pterm found to have nonsecure attributes (task, program, port), disable by issuing DCMT V PTE OFF. Using SYSGEN, remove offending lines, pterms, lterms, and/or port numbers and regenerate the system.