An error occurred:

Check: IDMS-DB-000810

CA IDMS STIG: IDMS-DB-000810 (in versions v1 r2 through v1 r1)

Title

The system storage used for data collection by the CA IDMS server must be protected. (Cat II impact)

Discussion

Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information. Use of this requirement will be limited to situations where the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. When transmitting data, the DBMS, associated applications, and infrastructure must leverage transmission protection mechanisms. Satisfies: SRG-APP-000441-DB-000378, SRG-APP-000442-DB-000379

Check Content

Log on to IDMS DC system and issue DCPROFIL. If HPSPO ENABLED: display is "NO", this is a finding.

Fix Text

Use the following system generation parameters to enable the use of high performance storage protection: Set STORAGE KEY parameter of the SYSTEM statement to "9". Set PROTECT/NOPROTECT parameter of the SYSTEM statement to "PROTECT". Set PROTECT/NOPROTECT parameter of the PROGRAM statement to "PROTECT" for PROGRAMS required to run with the alternate protect key (i.e., 9). DCMT DISPLAY ALL STORAGE POOLS can be used to take note of what pools support any type of user storage; that is, user, user-kept, shared, shared-kept, or ALL, in preparation for the next step. If necessary, redefine storage pools so all forms of user-oriented storage (user, user-kept, shared, and shared-kept) are segregated from the system storage (database, terminal). For example: ADD STORAGE POOL 1 CONTAINS TYPES ( SHARED SHARED-KEPT USER USER-KEPT ) ADD XA STORAGE POOL 128 CONTAINS TYPES ( USER USER-KEPT ) ADD XA STORAGE POOL 129 CONTAINS TYPES ( SHARED SHARED-KEPT ) ADD XA STORAGE POOL 130 CONTAINS TYPES ( TERMINAL DATABASE ) Generate and start the system. The storage pool definitions have been set up correctly if the message "DC004001 HPSPO HAS BEEN DISABLED DUE TO INCORRECT STORAGE POOL DEFINITIONS" is not issued at startup.

Additional Identifiers

Rule ID: SV-251645r855283_rule

Vulnerability ID: V-251645

Group Title: SRG-APP-000441-DB-000378

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002420

The information system maintains the confidentiality and/or integrity of information during preparation for transmission.
CCI-002422

The information system maintains the confidentiality and/or integrity of information during reception.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-8 (2)

Pre / Post Transmission Handling