STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to CA IDMS Security Technical Implementation Guide

V-251645

CAT II (Medium)

The system storage used for data collection by the CA IDMS server must be protected.

Rule ID

SV-251645r961638_rule

STIG

CA IDMS Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-002420, CCI-002422

Discussion

Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information. Use of this requirement will be limited to situations where the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. When transmitting data, the DBMS, associated applications, and infrastructure must leverage transmission protection mechanisms. Satisfies: SRG-APP-000441-DB-000378, SRG-APP-000442-DB-000379

Check Content

Log on to IDMS DC system and issue DCPROFIL. 

If HPSPO ENABLED: display is "NO", this is a finding.

Fix Text

Use the following system generation parameters to enable the use of high performance storage protection:

Set STORAGE KEY parameter of the SYSTEM statement to "9".

Set PROTECT/NOPROTECT parameter of the SYSTEM statement to "PROTECT".

Set PROTECT/NOPROTECT parameter of the PROGRAM statement to "PROTECT" for PROGRAMS required to run with the alternate protect key (i.e., 9).

DCMT DISPLAY ALL STORAGE POOLS can be used to take note of what pools support any type of user storage; that is, user, user-kept, shared, shared-kept, or ALL, in preparation for the next step.

If necessary, redefine storage pools so all forms of user-oriented storage (user, user-kept, shared, and shared-kept) are segregated from the system storage (database, terminal). For example:
ADD STORAGE POOL 1
CONTAINS TYPES ( SHARED SHARED-KEPT USER USER-KEPT )
ADD XA STORAGE POOL 128
CONTAINS TYPES ( USER USER-KEPT )
ADD XA STORAGE POOL 129
CONTAINS TYPES ( SHARED SHARED-KEPT )
ADD XA STORAGE POOL 130
CONTAINS TYPES ( TERMINAL DATABASE )

Generate and start the system. The storage pool definitions have been set up correctly if the message "DC004001 HPSPO HAS BEEN DISABLED DUE TO INCORRECT STORAGE POOL DEFINITIONS" is not issued at startup.