Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6907 | ZIDM0014 | SV-7202r2_rule | DCCS-1 DCCS-2 ECCD-1 ECCD-2 | Medium |
Description |
---|
IDMS is a database management system that provides the facilities to design, create, access, and manage database files. The improper implementation of resource controls could result in the compromise of the confidentiality, integrity, and availability of the IDMS region, applications, and customer data. |
STIG | Date |
---|---|
z/OS ACF2 STIG | 2015-03-27 |
Check Text (C-20322r1_chk) |
---|
Check for ACF2: a) Refer to the following reports produced by the ACF2 Data Collection and Data Set and Resource Data Collection: SENSITVE.RPT(IDMSSGON) and ACF2CMDS.RPT(RESOURCE). Refer to the IDMS Worksheet in the z/OS STIG Addendum, copy it, and fill out the information for each IDMS CV running on this LPAR. b) If the TYPE(SGO) is defined, there is NO FINDING. c) If each IDMS Central Version (CV) is defined to the TYPE(SGO), there is NO FINDING. NOTE: The resource name is the IDMS SYSTEM ID specified when the IDMS CV is generated. d) If (b) or (c) above is untrue, this is a FINDING. |
Fix Text (F-18264r1_fix) |
---|
Have the IAO ensure that each IDMS CV is uniquely defined to the ACP IDMS resource class. Please refer to the CA-IDMS Security Administration Guide for further details on coding the #SECRTT macro. In addition to the resource class, the value for what is generally referred to as resource name must be specified. The resource name uniquely identifies each IDMS CV, and is the value specified for SYSTEM ID on the SYSTEM statement specified when the IDMS CV is generated. This SYSTEM ID should match the userid assigned to the CV. The SYSTEM statement is coded as follows: `MOD SYSTEM 120 SYSTEM ID IS resource name` For example, if the resource name is IDMSD: `MOD SYSTEM 120 SYSTEM ID IS IDMSD` Each CV will have a unique name within the LPAR so that access granted for a specific CV does not automatically give access to other CVs. Note: IDMS also requires that the last entry made in the #SECRTT macro must specify TYPE=FINAL. Do not change this. |