STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to CA IDMS Security Technical Implementation Guide

V-251641

CAT II (Medium)

IDMS terminal and lines that are not secure must be disabled.

Rule ID

SV-251641r961470_rule

STIG

CA IDMS Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-001762

Discussion

Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.

Check Content

For each load area, run a CREPORT 43 to check the nodes and access types for each node. For each node, issue DCMT D LINE. For each LINE type with a status of InSrv, inspect the access type for potential unauthorized connection types. 

For TCP/IP, any line with access type SOCKET, issue DCMT D LINE <tcp-line-id>. If any terminals are of type LIST and status InSrv, check port number for a valid port. If the port number is unacceptable as defined in the PPSM CAL, this is a finding. 

For each terminal with the type of LIST and InSrv, issue DCMT D PTE <pterm-id>. For each task and (possible PARM STRING which could pass a task) identified in the PTE display, issue DCMT D TASK <task-id>. If the task is IDMSJSRV and the associated program is RHDCNP3J, this is not a finding. If the task/program has not been authorized, this is a finding. 

If other access types (e.g., VTAM, SVC, CCI) have been deemed nonsecure in the PPSM CAL, this is a finding.

Fix Text

For any pterm found to have nonsecure attributes (task, program, port), disable by issuing DCMT V PTE <pterm-id> OFF. 

Using SYSGEN, remove offending lines, pterms, lterms, and/or port numbers and regenerate the system.