STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

CA IDMS Security Technical Implementation Guide

Version

V2R1

Release Date

Sep 13, 2024

SCAP Benchmark ID

CA_IDMS_STIG

Total Checks

74

Tags

other

CAT I: 5CAT II: 59CAT III: 10

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON Download STIG ZIP

Checks (74)

V-251582MEDIUMFor interactive sessions, IDMS must limit the number of concurrent sessions for the same user to one or allow unlimited sessions.V-251583MEDIUMIDMS must support the implementation of an external security manager (ESM) to handle account management and user accesses, etc.V-251584HIGHIDMS must allow only authorized users to sign on to an IDMS CV.V-251585HIGHIDMS must enforce applicable access control policies, even after a user successfully signs on to CV.V-251586MEDIUMAll installation-delivered IDMS USER-level tasks must be properly secured.V-251587MEDIUMAll installation-delivered IDMS DEVELOPER-level tasks must be properly secured.V-251588MEDIUMAll installation-delivered IDMS DBADMIN-level tasks must be properly secured.V-251589MEDIUMAll installation-delivered IDMS DCADMIN-level tasks must be properly secured.V-251590MEDIUMAll installation-delivered IDMS User-level programs must be properly secured.V-251591MEDIUMAll installation-delivered IDMS Developer-level Programs must be properly secured.V-251592MEDIUMAll installation-delivered IDMS Database-Administrator-level programs must be properly secured.V-251593MEDIUMAll installation-delivered IDMS DC-Administrator-level programs must be properly secured.V-251594LOWIDMS must protect against the use of default userids.V-251595LOWIDMS must protect against the use of external request exits that change the userid to a shared id when actions are performed that may be audited.V-251596LOWIDMS must protect against the use of numbered exits that change the userid to a shared id.V-251597LOWIDMS must protect against the use of web-based applications that use generic IDs.V-251598LOWIDMS must protect against the use web services that do not require a sign on when actions are performed that may be audited.V-251599HIGHIDMS must use the ESM to generate auditable records for resources when DoD-defined auditable events occur.V-251600HIGHIDMS must use the ESM to generate auditable records for commands and utilities when DoD-defined auditable events occur.V-251601MEDIUMDatabase objects in an IDMS environment must be secured to prevent privileged actions from being performed by unauthorized users.V-251602MEDIUMThe programs that can be run through a CA IDMS CV must be defined to the CV to prevent installation of unauthorized programs; must have the ability to dynamically register new programs; and must have the ability to secure tasks.V-251603MEDIUMThe commands that allow dynamic definitions of PROGRAM/TASK and the dynamic varying of memory must be secured.V-251604MEDIUMDatabases must be secured to protect from structural changes.V-251605MEDIUMDatabase utilities must be secured in CA IDMS and permissions given to appropriate role(s)/groups(s) in the external security manager (ESM).V-251606MEDIUMThe online debugger which can change programs and storage in the CA IDMS address space must be secured.V-251607MEDIUMCA IDMS must secure the ability to create, alter, drop, grant, and revoke user and/or system profiles to users or groups.V-251608LOWThe EMPDEMO databases, database objects, and applications must be removed.V-251609LOWDefault demonstration and sample databases, database objects, and applications must be removed.V-251610LOWIDMS components that cannot be uninstalled must be disabled.V-251611MEDIUMIDMS nodes, lines, and pterms must be protected from unauthorized use.V-251612MEDIUMThe IDMS environment must require sign-on for users and restrict them to only authorized functions.V-251613MEDIUMDBMS authentication using passwords must be avoided.V-251614LOWPasswords sent through ODBC/JDBC must be encrypted.V-251615MEDIUMThe DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).V-251616LOWIDMS executing in a local mode batch environment must be able to manually recover or restore database areas affected by failed transactions.V-251617MEDIUMCA IDMS must isolate the security manager to which users, groups, roles are assigned authorities/permissions to resources.V-251618MEDIUMIDMS must prevent unauthorized and unintended information transfer via database buffers.V-251619MEDIUMIDMS must check the validity of all data input unless the organization says otherwise.V-251620MEDIUMCA IDMS must permit the use of dynamic code execution only in circumstances determined by the organization and limit use of online and batch command facilities from which dynamic statements can be issued.V-251621MEDIUMCA IDMS must limit the use of dynamic statements in applications, procedures, and exits to circumstances determined by the organization.V-251622MEDIUMCA IDMS must limit use of IDMS server used in issuing dynamic statements from client applications circumstances determined by the organization.V-251623MEDIUMCA IDMS and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.V-251624MEDIUMIDMS must suppress security-related messages so that no information is returned that can be exploited.V-251625MEDIUMCustom database code and associated application code must not contain information beyond what is needed for troubleshooting.V-251626MEDIUMIDMS must reveal security-related messages only to authorized users.V-251627MEDIUMCustom database code and associated application code must reveal detailed error messages only to the Information System Security Officer (ISSO), Information System Security manager (ISSM), Systems Administrator (SA), and Database Administrator (DBA).V-251628MEDIUMCA IDMS must automatically terminate a terminal session after organization-defined conditions or trigger events of terminal inactivity time.V-251629MEDIUMCA IDMS must automatically terminate a batch external request unit after organization-defined conditions or trigger events after the batch program abnormally terminates.V-251630MEDIUMCA IDMS must automatically terminate an external run-unit after organization-defined conditions or trigger events of time waiting to issue a database request.V-251631MEDIUMCA IDMS must automatically terminate a task or session after organization-defined conditions or trigger events of time waiting to get a resource and/or time of inactivity.V-251632MEDIUMCA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session initiated by the terminal user.V-251633MEDIUMCA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session by disconnecting or ending before an explicit logout.V-251634MEDIUMCA IDMS CV must supply logout functionality to allow the user to implicitly terminate an external run-unit when a database request has not been made in an organizationally prescribed time frame.V-251635MEDIUMCA IDMS CV must supply logout functionality to allow the user to implicitly terminate a batch external request unit when the batch job abnormally terminates.V-251636MEDIUMIDMS must prevent users without the appropriate access from executing privileged functions or tasks within the IDMS environment.V-251637MEDIUMIDMS must prevent unauthorized users from executing certain privileged commands that can be used to change the runtime IDMS environment.V-251638MEDIUMIDMS must protect its user catalogs and system dictionaries to prevent unauthorized users from bypassing or updating security settings.V-251639MEDIUMIDMS must restrict the use of code that provides elevated privileges to specific instances.V-251640MEDIUMCA IDMS programs that can be run through a CA IDMS CV must be defined to the CV.V-251641MEDIUMIDMS terminal and lines that are not secure must be disabled.V-251642MEDIUMCA IDMS must protect the system code and storage from corruption by user programs.V-251643MEDIUMCA IDMS must protect system and user code and storage from corruption by user programs.V-251644MEDIUMCA IDMS must prevent user code from issuing selected SVC privileged functions.V-251645MEDIUMThe system storage used for data collection by the CA IDMS server must be protected.V-251646MEDIUMThe cache table procedures and views used for performance enhancements for dynamic SQL must be protected.V-251647MEDIUMThe storage used for data collection by CA IDMS web services must be protected.V-251648MEDIUMThe storage used for data collection by CA IDMS Server and CA IDMS Web Services must be protected from online display and update.V-251649MEDIUMIDMS must check for invalid data and behave in a predictable manner when encountered.V-251650MEDIUMMaintenance for security-related software updates for CA IDMS modules must be provided.V-251652MEDIUMThe DBMS must develop a procedure to limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.V-251653MEDIUMThe DBMS must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.V-251654HIGHCA IDMS must use pervasive encryption to cryptographically protect the confidentiality and integrity of all information at rest in accordance with data owner requirements.V-251655MEDIUMThe DBMS must associate organization-defined types of security labels having organization-defined security label values with information in process.V-251656MEDIUMCA IDMS must implement NIST FIPS 140-2 validated cryptographic modules to protect data-in-transit.