Navigate

Check: IDMS-DB-000530

CA IDMS STIG: IDMS-DB-000530 (in versions v1 r2 through v1 r1)

Title

IDMS must suppress security-related messages so that no information is returned that can be exploited. (Cat II impact)

Discussion

Error messages issued to non-privileged users may have contents that should be considered confidential. IDMS should be configured so that these messages are not issued to those users.

Check Content

Log on to IDMS DC system and issue "DCPROFIL". Scroll to the OPTION FLAGS screen. If "OPT00051" is not listed, this is a finding. For IDMS LOG messages, if OPT00226 is not listed, this is a finding.

Fix Text

Reassemble, relink, and reload (V NC) RHDCOPTF with #DEFOPTF OPT00051 (for messages sent to user) and optional #DEFOPTF OPT00226 (for messages sent to IDMS log).

Additional Identifiers

Rule ID: SV-251624r807739_rule

Vulnerability ID: V-251624

Group Title: SRG-APP-000266-DB-000162

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001312	The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
SI-11	Error Handling