Check: IDMS-DB-000190
CA IDMS STIG:
IDMS-DB-000190
(in version v1 r2)
Title
IDMS must use the ESM to generate auditable records for resources when DoD-defined auditable events occur. (Cat I impact)
Discussion
Audit records provide a tool to help research events within IDMS. IDMS does not produce audit records, but when using external security, records can be produced through the ESM. IDMS relies on the ESM to log organization-defined auditable events. To ensure that all secure actions are logged, those actions must be defined to the IDMS Security Resource Type Table (SRTT) with a type of external security. When IDMS has to perform a given security check, it will defer to the ESM to determine the user's authorization. The auditing functionality of the ESM can be used to track the IDMS security calls. Some organization-defined auditable events are expected to be handled solely by the ESM. This would include requirements such as "successful and unsuccessful attempts to modify or delete privileges, security objects, security levels, or categories of information" as well as "account creation, modification, disablement, or termination." For the audit logging of other organization-defined auditable events, IDMS requires RHDCSRTT security module set up to route requests for these events through the ESM. This will ensure that they are audited appropriately. The following resource types must be defined with SECBY type of EXTERNAL in the RHDCSRTT load module to achieve the appropriate level of audit logging. If there is not a resource type definition with a security type of EXTERNAL for the following resources, this is a finding.
Check Content
Examine load module RHDCSRTT by executing CA IDMS utility IDMSSRTD or by issuing command "DCMT DISPLAY SRTT" while signed onto the CV and reviewing the output. Note: This requires PTFs SO07995 and SO09476. If the ESM specification does not match the RHDCSRTT entry, this is a finding. Validate each of the following listed entries: Access Actions such as login - Resource type SGON Privileged system access - Resource types SYST, DB, DMCL, DBTB Privileged object access - Resource types SLOD, SACC, QUEU Privileged program access - Resource type TASK, SPGM If any are not secured externally, this is a finding.
Fix Text
If some of the resource types were not defined to the #SECRTT with SECBY=EXTERNAL, update the #SECRTT security module to include the appropriate definitions. Access Actions such as login - Resource type SGON Privileged system access - Resource types SYST, DB, DMCL, DBTB Privileged object access - Resource types SLOD, SACC, QUEU Privileged program access - Resource type TASK, SPGM To update the #SECRTT entries, change any invalid definitions of SECBY=INTERNAL to SECBY=EXTERNAL for the resources listed above. If any of the resource types are missing, add them. Once the updates are complete, recompile the RHDCSRTT module. Then confirm that the resource types are referenced appropriately by the external security manager.
Additional Identifiers
Rule ID: SV-251599r858838_rule
Vulnerability ID: V-251599
Group Title: SRG-APP-000089-DB-000064
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000169 |
The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components. |
Controls
Number | Title |
---|---|
AU-12 |
Audit Generation |