Title

IDMS components that cannot be uninstalled must be disabled. (Cat III impact)

Discussion

DBMSs must adhere to the principles of least functionality by providing only essential capabilities. At installation, all CA IDMS products are installed but can be disabled (i.e., forced to fail if invoked).

Check Content

Log on to IDMS DC system and issue DCPROFIL. Scroll to the Product Intent Status screen. If any unused product has a status of "YES", this is a finding.

Fix Text

Edit RHDCPINT source and remove or comment out products identified as unused. Reassemble, relink, and implement changes by either recycling any affected CV or by issuing the following commands in any affected CV: DCMT VARY NUCLEUS MODULE RHDCPINT NEW COPY DCMT VARY NUCLEUS RELOAD

Additional Identifiers

Rule ID: SV-251610r807697_rule

Vulnerability ID: V-251610

Group Title: SRG-APP-000141-DB-000092

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.