Title

CA IDMS programs that can be run through a CA IDMS CV must be defined to the CV. (Cat II impact)

Discussion

The ability to add programs to be executed under IDMS can be a problem if malicious programs are added. CA IDMS must prevent installation of unauthorized programs and the ability to dynamically register new programs and tasks.

Check Content

Examine load module RHDCSRTT by executing CA IDMS utility IDMSSRTD, or by issuing command "DCMT DISPLAY SRTT" while signed onto the CV, and reviewing the output. Note: This requires PTFs SO07995 and SO09476. Check the SRTT for externally secured resource SYST which allows the SYSGEN to be modified and application program definitions added. If "SYST" is not found as the resource type in any of the entries, this is a finding. If "SYST" is secured internally, this is a finding. If "SYST" is found to be secured externally, ensure that the ESM contains the correct definition using the external resource class name and the external name construction rules. If it is not defined or not defined correctly, this is a finding.

Fix Text

Create an entry in the SRTT and compile into the module RHDCSRTT for the security domain that defined the resource type of SYST. The external class and external name construction rules must be specified. For instance: #SECRTT TYPE=ENTRY,RESTYPE=SYST, SECBY=EXTERNAL, EXTCLS='CA@IDMS',EXTNAME=(RESNAME) Create the corresponding entry in the external security manager (ESM) and authorize appropriate users, groups, etc., to allow access to system generation including program definition.

Additional Identifiers

Rule ID: SV-251640r855278_rule

Vulnerability ID: V-251640

Group Title: SRG-APP-000380-DB-000360

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.