STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to CA IDMS Security Technical Implementation Guide

V-251623

CAT II (Medium)

CA IDMS and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.

Rule ID

SV-251623r961158_rule

STIG

CA IDMS Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-001310

Discussion

When the use of dynamic SQL is necessary, the code should be written so that the invalid data can be found and the appropriate action taken.

Check Content

If dynamic code execution is used and identified user input is not validity checked user input, this is a finding. 

If SQL-defined tables, DISPLAY TABLE <schema-name>.<table-name> . If there is not a CHECK for the columns and accompanying accepted values, this is a finding.

If network-defined records, DISPLAY SCHEMA or DISPLAY RECORD. If there is no CALL to a procedure BEFORE STORE and BEFORE MODIFY, this is a finding.

If the procedure does not validate the non-exempt columns, this is a finding.

Other applications and front-ends using mapping can use the automatic editing feature and edit and code tables to verify that an input value is valid.

Fix Text

For SQL-defined tables, ALTER TABLE <schema-name>.<table-name> ADD CHECK (search-condition).

For network-defined records, MODIFY <record-name> CALL procedure BEFORE STORE/MODIFY. Create or update procedure to validate provided record field values.

Other applications and front-ends using mapping can use the automatic editing feature and edit and code tables to verify that an input value is valid.