Check: IDMS-DB-000140
CA IDMS STIG:
IDMS-DB-000140
(in versions v1 r2 through v1 r1)
Title
IDMS must protect against the use of default userids. (Cat III impact)
Discussion
Default sign-ons can be used by individuals to perform adverse actions anonymously.
Check Content
Examine load module "RHDCSRTT" by executing CA IDMS utility "IDMSSRTD", or by issuing command "DCMT DISPLAY SRTT" while signed onto the CV, and reviewing the output. Note: This requires PTFs SO07995 and SO09476. If the TYPE=INITIAL #SECRTT has DFLTSGN=YES specified, this is a finding. If DFLTUID is defined, this is a finding.
Fix Text
Set DFLTSGN=NO and remove the DFLTUID from the #SECRTT INITIAL macro that is input to the RHDCSRTT module. After making these changes, assemble and link RHDCSRTT to create a new SRTT. To implement the new SRTT, either recycle any CVs that use the SRTT or issue these commands:
DCMT VARY NUCLEUS MODULE RHDCSRTT NEW COPY
DCMT VARY NUCLEUS RELOAD
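As an added example (not part of the STIG or of CA IDMS), the following Python sketch checks #SECRTT macro source for the two finding conditions before RHDCSRTT is assembled; it does not replace examining the load module with IDMSSRTD or DCMT DISPLAY SRTT. It assumes standard fixed-format assembler source (continuation flagged in column 72, continued operands resuming in column 16, no blanks inside operands); the function names, the `GUEST` userid and the sample cards are constructed for illustration.

```python
"""Pre-assembly check of #SECRTT source for DFLTSGN=YES and DFLTUID."""

def secrtt_initial_operands(source):
    """Return {keyword: value} from the TYPE=INITIAL #SECRTT statement, else None."""
    chunks, continued = [], False
    for raw in source.upper().splitlines():
        line = raw.ljust(72)
        if continued:
            # Assumption: continued operands resume in column 16.
            fields = line[15:71].split()
            chunks.append(fields[0] if fields else "")
        else:
            fields = line[:71].split()
            if line.startswith("*") or "#SECRTT" not in fields:
                continue  # comment line or unrelated statement
            rest = fields[fields.index("#SECRTT") + 1:]
            chunks = [rest[0] if rest else ""]  # anything after operands is remarks
        continued = line[71] != " "  # non-blank column 72 continues the statement
        if not continued:
            pairs = (p.split("=", 1) for p in "".join(chunks).split(",") if "=" in p)
            operands = dict(pairs)
            if operands.get("TYPE") == "INITIAL":
                return operands
    return None

def findings(source):
    """List the finding conditions from the check that the source would produce."""
    operands = secrtt_initial_operands(source)
    if operands is None:
        return ["no TYPE=INITIAL #SECRTT statement found"]
    result = []
    if operands.get("DFLTSGN") == "YES":
        result.append("DFLTSGN=YES specified")
    if "DFLTUID" in operands:
        result.append("DFLTUID defined: " + operands["DFLTUID"])
    return result

def card(text, cont=False):
    """Build one 72-column source card; 'X' in column 72 marks continuation."""
    return text.ljust(71) + ("X" if cont else " ")

# Constructed sample input, not taken from a real site SRTT.
WEAK = "\n".join(["* constructed sample",
                  card(" " * 9 + "#SECRTT TYPE=INITIAL,", True),
                  card(" " * 15 + "DFLTSGN=YES,        default sign-on", True),
                  card(" " * 15 + "DFLTUID=GUEST")])
FIXED = "\n".join([card(" " * 9 + "#SECRTT TYPE=INITIAL,", True),
                   card(" " * 15 + "DFLTSGN=NO")])

if __name__ == "__main__":
    print(findings(WEAK), findings(FIXED))
```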
Additional Identifiers
Rule ID: SV-251594r807649_rule
Vulnerability ID: V-251594
Group Title: SRG-APP-000080-DB-000063
CCIs
Number | Definition |
---|---|
CCI-000166 | The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. |
Controls
Number | Title |
---|---|
AU-10 | Non-Repudiation |