Check: IDMS-DB-000180
CA IDMS STIG: IDMS-DB-000180 (in versions v1 r2 through v1 r1)
Title
IDMS must protect against the use of web services that do not require a sign on when actions are performed that may be audited. (Cat III impact)
Discussion
IDMS web services provide a way for web-based applications to access an IDMS database. If not secured, the Web services interface could be used to reveal or change sensitive data.
Check Content
On the IDMS CV system where CA IDMS Web Services executes, enter "WEBC" to check Web Services configuration. If "REQUIRE SIGNON = NO", this is a finding.
Fix Text
On the IDMS CV system where CA IDMS Web Services executes, enter "WEBC REQUIRE SIGNON=YES".
Additional Identifiers
Rule ID: SV-251598r807661_rule
Vulnerability ID: V-251598
Group Title: SRG-APP-000080-DB-000063
CCIs
Number | Definition |
---|---|
CCI-000166 | The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. |
Controls
Number | Title |
---|---|
AU-10 | Non-Repudiation |