V-251640

CAT II (Medium)

CA IDMS programs that can be run through a CA IDMS CV must be defined to the CV.

Rule ID

SV-251640r961461_rule

STIG

CA IDMS Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-001813

Discussion

The ability to add programs to be executed under IDMS can be a problem if malicious programs are added. CA IDMS must prevent installation of unauthorized programs and the ability to dynamically register new programs and tasks.

Check Content

Examine load module RHDCSRTT by executing CA IDMS utility IDMSSRTD, or by issuing command "DCMT DISPLAY SRTT" while signed onto the CV, and reviewing the output.

Note: This requires PTFs SO07995 and SO09476.

Check the SRTT for the externally secured resource SYST, which allows the SYSGEN to be modified and application program definitions to be added. If "SYST" is not found as the resource type in any of the entries, this is a finding.

If "SYST" is secured internally, this is a finding.

If "SYST" is found to be secured externally, ensure that the ESM contains the correct definition using the external resource class name and the external name construction rules. If it is not defined or not defined correctly, this is a finding.

Fix Text

Create an entry in the SRTT and compile into the module RHDCSRTT for the security domain that defined the resource type of SYST. The external class and external name construction rules must be specified. For instance:

#SECRTT TYPE=ENTRY,RESTYPE=SYST,SECBY=EXTERNAL,EXTCLS='CA@IDMS',EXTNAME=(RESNAME)

Create the corresponding entry in the external security manager (ESM) and authorize appropriate users, groups, etc., to allow access to system generation including program definition.
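
The SYST finding conditions above can be pre-screened against the SRTT assembler source before it is compiled into RHDCSRTT. The following is an added example, not part of the STIG or of CA IDMS. It assumes one #SECRTT statement per line with no continuation lines and that an internally secured entry is coded SECBY=INTERNAL; the function names and sample statements are constructed.

```python
import re

# One KEY=VALUE operand; the value may be quoted, parenthesised or bare.
_OPERAND = re.compile(r"(\w+)=('(?:[^']|'')*'|\([^)]*\)|[^,\s]*)")

def parse_secrtt(source):
    """Return a dict of operands for each #SECRTT statement in SRTT source."""
    entries = []
    for line in source.splitlines():
        if line.startswith("*"):                 # assembler comment line
            continue
        _, macro, field = line.partition("#SECRTT")
        if not macro:
            continue
        field, ops, pos = field.lstrip(), {}, 0
        # As in assembler, the operand field ends at the first blank that
        # follows an operand, so anything after ", " is not parsed.
        while (m := _OPERAND.match(field, pos)):
            ops[m.group(1)] = m.group(2).strip("'")
            pos = m.end() + 1
            if field[m.end():pos] != ",":
                break
        entries.append(ops)
    return entries

def check_v251640(source):
    """Return (findings, esm_classes) for the SYST checks in V-251640."""
    syst = [e for e in parse_secrtt(source) if e.get("RESTYPE") == "SYST"]
    if not syst:
        return ["SYST is not a resource type in any SRTT entry"], []
    findings, esm_classes = [], []
    for e in syst:
        if e.get("SECBY") != "EXTERNAL":
            findings.append(f"SYST is not secured externally (SECBY={e.get('SECBY')})")
        elif not e.get("EXTCLS") or not e.get("EXTNAME"):
            findings.append("SYST entry lacks EXTCLS or EXTNAME")
        else:
            esm_classes.append(e["EXTCLS"])      # class to verify in the ESM
    return findings, esm_classes

# Constructed sample sources, one statement per line.
COMPLIANT = "         #SECRTT TYPE=ENTRY,RESTYPE=SYST,SECBY=EXTERNAL,EXTCLS='CA@IDMS',EXTNAME=(RESNAME)"
INTERNAL = "         #SECRTT TYPE=ENTRY,RESTYPE=SYST,SECBY=INTERNAL"
NO_SYST = "         #SECRTT TYPE=ENTRY,RESTYPE=TASK,SECBY=EXTERNAL,EXTCLS='CA@IDMS',EXTNAME=(RESNAME)"

if __name__ == "__main__":
    for name, src in [("compliant", COMPLIANT), ("internal", INTERNAL), ("no SYST", NO_SYST)]:
        print(name, check_v251640(src))
```

An empty findings list only means the source entry is well formed; the returned class names still have to be verified in the ESM, and the compiled module reviewed with IDMSSRTD or "DCMT DISPLAY SRTT" as the check requires.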