STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to CA IDMS Security Technical Implementation Guide

V-251643

CAT II (Medium)

CA IDMS must protect system and user code and storage from corruption by user programs.

Rule ID

SV-251643r961608_rule

STIG

CA IDMS Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-002530

Discussion

Database management systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each process has a distinct address space so that communication between processes is controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces.

Check Content

Log on to IDMS DC system and issue "DCPROFIL". If SYSTEM STORAGE PROTECTED: display is "NO", this is a finding. 

Issue DCMT D PROGRAM pgmname where pgmname is ADSOMAIN, ADSORUN1, and user programs. If "Storage Prot" is "NO", this is a finding.

Fix Text

Use the following system generation parameters to enable the use of standard storage protection: 

Set STORAGE KEY parameter of the SYSTEM statement to a value that is not" 9". (The value other than 9 is dependent on how the z/OS parm AllowUserKeyCSA is set).

Set PROTECT/NOPROTECT parameter of the SYSTEM statement to "PROTECT".

Set PROTECT/NOPROTECT parameter of the PROGRAM statement to "PROTECT" for ADSOMAIN, ADSORUN1, and user programs.

Generate and restart the system.