STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to CA IDMS Security Technical Implementation Guide

V-251597

CAT III (Low)

IDMS must protect against the use of web-based applications that use generic IDs.

Rule ID

SV-251597r960864_rule

STIG

CA IDMS Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000166

Discussion

Web-based applications that allow a generic ID can be a door into IDMS allowing unauthorized changes whose authors may not be determined.

Check Content

If there are web-based applications to which individual users sign on, and a generic ID associated with the application is used to access back-end IDMS databases, this is a finding.

Fix Text

For web-based applications using generic IDs, set the individual user ID (external identity) to be recorded in the journal.

For JDBC applications, use the "IdmsConnection setIdentity" method.

For ODBC applications, use the "SQLSetConnectAttr" function with the IDMS_ATTR_EXTERNAL_IDENTITY attribute type.

Run journal report "JREPORT 010" and" JREPORT 008" to audit the individual user ID.