IDMS must check for invalid data and behave in a predictable manner when encountered.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-251649	IDMS-DB-000880	SV-251649r855288_rule		Medium

Description
A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs, where information system responses to the invalid input may be disruptive or cause the system to fail into an unsafe state. The behavior will be derived from the organizational and system requirements and includes, but is not limited to, notification of the appropriate personnel, creating an audit record, and rejecting invalid input.

Description

A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs, where information system responses to the invalid input may be disruptive or cause the system to fail into an unsafe state. The behavior will be derived from the organizational and system requirements and includes, but is not limited to, notification of the appropriate personnel, creating an audit record, and rejecting invalid input.

STIG	Date
CA IDMS Security Technical Implementation Guide	2022-09-07

Details

Check Text ( C-55084r807812_chk )
If data inputs are specifically identified by the organization as exempt from validity checks, this is not applicable. If SQL-defined tables, DISPLAY TABLE . . If there is not a CHECK for the columns and accompanying accepted values, this is a finding. If network-defined records, DISPLAY SCHEMA or DISPLAY RECORD. If there is no CALL to a procedure BEFORE STORE and BEFORE MODIFY, this is a finding. If the procedure does not validate the non-exempt columns, this is a finding. Other applications and front-ends using mapping can use the automatic editing feature and edit and code tables to verify that an input value is valid. Review the source code for checks, procedures, and edits to identify how the system responds to invalid input. If it does not implement the documented behavior, this is a finding.

Check Text ( C-55084r807812_chk )

If data inputs are specifically identified by the organization as exempt from validity checks, this is not applicable.

If SQL-defined tables, DISPLAY TABLE . . If there is not a CHECK for the columns and accompanying accepted values, this is a finding.

If network-defined records, DISPLAY SCHEMA or DISPLAY RECORD. If there is no CALL to a procedure BEFORE STORE and BEFORE MODIFY, this is a finding. If the procedure does not validate the non-exempt columns, this is a finding.

Other applications and front-ends using mapping can use the automatic editing feature and edit and code tables to verify that an input value is valid.

Review the source code for checks, procedures, and edits to identify how the system responds to invalid input. If it does not implement the documented behavior, this is a finding.

Fix Text (F-55038r855287_fix)
Revise and deploy source code changes for checks, procedures, and edits to implement the documented behavior. For SQL-defined tables, ALTER TABLE . ADD CHECK (search-condition). For network-defined records, MODIFY CALL procedure BEFORE STORE/MODIFY. Create or update procedure to validate provided record field values. Other applications and front-ends using mapping can use the automatic editing feature and edit and code tables to verify that an input value is valid.

Fix Text (F-55038r855287_fix)

Revise and deploy source code changes for checks, procedures, and edits to implement the documented behavior.

For SQL-defined tables, ALTER TABLE . ADD CHECK (search-condition).

For network-defined records, MODIFY CALL procedure BEFORE STORE/MODIFY. Create or update procedure to validate provided record field values.

Other applications and front-ends using mapping can use the automatic editing feature and edit and code tables to verify that an input value is valid.