
V-251621

CAT II (Medium)

CA IDMS must limit the use of dynamic statements in applications, procedures, and exits to circumstances determined by the organization.

Rule ID

SV-251621r961158_rule

STIG

CA IDMS Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-001310

Discussion

Dynamic SQL statements are compiled at runtime and, if manipulated by an unauthorized user, can produce an innumerable array of undesired results. These statements should not be used casually.

Check Content

If EXECUTE IMMEDIATE, PREPARE, and EXECUTE statements are found in code that does not require them while reviewing source code in applications, procedures, and exits, this is a finding.
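One way to locate candidates for this source review, as an added example that is not part of the STIG or of CA IDMS tooling. It assumes fixed-format COBOL source with embedded SQL delimited by EXEC SQL ... END-EXEC; the sample program, table and host-variable names are constructed.

```python
import re

# Statements named in the Check Content. EXECUTE IMMEDIATE is tried first so it is
# reported once; the lookarounds skip host variables and names such as :PREPARE-FLAG.
DYNAMIC = re.compile(r"(?<![\w:-])(EXECUTE\s+IMMEDIATE|PREPARE|EXECUTE)(?![\w-])", re.I)
# Assumption: embedded SQL is delimited by EXEC SQL ... END-EXEC.
EXEC_SQL = re.compile(r"\bEXEC\s+SQL\b(.*?)\bEND-EXEC\b", re.I | re.S)

# Constructed sample source (not from the STIG); line 2 is a commented-out statement.
SAMPLE = """\
       PROCEDURE DIVISION.
      * EXEC SQL EXECUTE IMMEDIATE :OLD-TEXT END-EXEC.
           EXEC SQL
               SELECT EMP_NAME INTO :EMP-NAME
                 FROM DEMO.EMPLOYEE WHERE EMP_ID = :EMP-ID
           END-EXEC.
           EXEC SQL EXECUTE IMMEDIATE :STMT-TEXT END-EXEC.
           EXEC SQL PREPARE DYN1 FROM :STMT-TEXT END-EXEC.
           EXEC SQL EXECUTE DYN1 USING :EMP-ID END-EXEC.
"""

def strip_comments(source):
    """Blank out comment lines ('*' or '/' in column 7), keeping line numbering intact."""
    return "\n".join("" if len(l) > 6 and l[6] in "*/" else l for l in source.splitlines())

def find_dynamic_sql(source):
    """Return (line_number, statement) for each dynamic statement inside an EXEC SQL block."""
    text = strip_comments(source)
    findings = []
    for block in EXEC_SQL.finditer(text):
        for m in DYNAMIC.finditer(block.group(1)):
            offset = block.start(1) + m.start()
            line_no = text.count("\n", 0, offset) + 1
            findings.append((line_no, " ".join(m.group(1).upper().split())))
    return findings

if __name__ == "__main__":
    for line_no, stmt in find_dynamic_sql(SAMPLE):
        print(f"line {line_no}: {stmt}")
```

Each hit is only a candidate: the reviewer still decides whether the code requires the dynamic statement before recording a finding.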

Fix Text

Modify the code to remove the dynamic statements EXECUTE IMMEDIATE, PREPARE, and EXECUTE. If these statements must be used, use other measures to keep code injection from succeeding by securing resources (databases, access modules, tasks, programs, etc.). Security checks are issued by CA IDMS as it executes the commands, and the authorization permissions are cached for the life of the transaction or task, whichever ends first. Strongly typing parameters and validating inputs are other ways to guard against code injection when dynamic statement execution must be used.