Each IDMS CV is not uniquely defined to the ACP IDMS resource class.

From z/OS ACF2 STIG

Part of ZIDM0014

Associated with IA controls: DCCS-1, ECCD-2, DCCS-2, ECCD-1

SV-7202r1_rule Each IDMS CV is not uniquely defined to the ACP IDMS resource class.

Vulnerability discussion

IDMS is a database management system that provides the facilities to design, create, access, and manage database files. The improper implementation of resource controls could result in the compromise of the confidentiality, integrity, and availability of the IDMS region, applications, and customer data.

Check content

Check for TSS

a) Refer to the following reports produced by the TSS Data Collection:

- TSSCMDS.RPT(#RDT)
- TSSCMDS.RPT(WHOOIDMS)

Refer to the IDMS Worksheet in the z/OS STIG Addendum, copy it, and fill out the information for each IDMS CV running on this LPAR.

b) If the IDMSSGON resource class is defined, there is NO FINDING.

c) If each IDMS Central Version (CV) is defined (i.e., owned) to the IDMSSGON resource class, there is NO FINDING.

NOTE: The resource name is the IDMS SYSTEM ID specified when the IDMS CV is generated.

d) If (b) or (c) above is untrue, this is a FINDING.

Fix text

Have the IAO ensure that each IDMS CV is uniquely defined to the ACP IDMS resource class. Please refer to the CA-IDMS Security Administration Guide for further details on coding the #SECRTT macro.

In addition to the resource class, the value for what is generally referred to as resource name must be specified. The resource name uniquely identifies each IDMS CV, and is the value specified for SYSTEM ID on the SYSTEM statement specified when the IDMS CV is generated. This SYSTEM ID should match the userid assigned to the CV.

The SYSTEM statement is coded as follows:

    MOD SYSTEM 120 SYSTEM ID IS resource name

For example, if the resource name is IDMSD:

    MOD SYSTEM 120 SYSTEM ID IS IDMSD

Each CV will have a unique name within the LPAR so that access granted for a specific CV does not automatically give access to other CVs.

Note: IDMS also requires that the last entry made in the #SECRTT macro must specify TYPE=FINAL. Do not change this.
