IDMS must protect against the use web services that do not require a sign on when actions are performed that may be audited.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| low | V-251598 | SRG-APP-000080-DB-000063 | IDMS-DB-000180 | SV-251598r960864_rule | 2024-09-13 | 2 |
| Description |
|---|
| IDMS web services provide a way for web-based applications to access an IDMS database. If not secured, the Web services interface could be used to reveal or change sensitive data. |
| ℹ️ Check |
|---|
| On the IDMS CV system where CA IDMS Web Services executes, enter "WEBC" to check Web Services configuration. If "REQUIRE SIGNON = NO", this is a finding. |
| ✔️ Fix |
|---|
| On the IDMS CV system where CA IDMS Web Services executes, enter "WEBC REQUIRE SIGNON=YES". |