CA IDMS programs that can be run through a CA IDMS CV must be defined to the CV.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-251640	SRG-APP-000380-DB-000360	IDMS-DB-000720	SV-251640r961461_rule	2024-09-13	2

Description
The ability to add programs to be executed under IDMS can be a problem if malicious programs are added. CA IDMS must prevent installation of unauthorized programs and the ability to dynamically register new programs and tasks.

ℹ️ Check
Examine load module RHDCSRTT by executing CA IDMS utility IDMSSRTD, or by issuing command "DCMT DISPLAY SRTT" while signed onto the CV, and reviewing the output. Note: This requires PTFs SO07995 and SO09476. Check the SRTT for externally secured resource SYST which allows the SYSGEN to be modified and application program definitions added. If "SYST" is not found as the resource type in any of the entries, this is a finding. If "SYST" is secured internally, this is a finding. If "SYST" is found to be secured externally, ensure that the ESM contains the correct definition using the external resource class name and the external name construction rules. If it is not defined or not defined correctly, this is a finding.

ℹ️ Check

Examine load module RHDCSRTT by executing CA IDMS utility IDMSSRTD, or by issuing command "DCMT DISPLAY SRTT" while signed onto the CV, and reviewing the output. Note: This requires PTFs SO07995 and SO09476. Check the SRTT for externally secured resource SYST which allows the SYSGEN to be modified and application program definitions added. If "SYST" is not found as the resource type in any of the entries, this is a finding. If "SYST" is secured internally, this is a finding. If "SYST" is found to be secured externally, ensure that the ESM contains the correct definition using the external resource class name and the external name construction rules. If it is not defined or not defined correctly, this is a finding.

✔️ Fix
Create an entry in the SRTT and compile into the module RHDCSRTT for the security domain that defined the resource type of SYST. The external class and external name construction rules must be specified. For instance: #SECRTT TYPE=ENTRY,RESTYPE=SYST, SECBY=EXTERNAL, EXTCLS='CA@IDMS',EXTNAME=(RESNAME) Create the corresponding entry in the external security manager (ESM) and authorize appropriate users, groups, etc., to allow access to system generation including program definition.

✔️ Fix

Create an entry in the SRTT and compile into the module RHDCSRTT for the security domain that defined the resource type of SYST. The external class and external name construction rules must be specified. For instance: #SECRTT TYPE=ENTRY,RESTYPE=SYST, SECBY=EXTERNAL, EXTCLS='CA@IDMS',EXTNAME=(RESNAME) Create the corresponding entry in the external security manager (ESM) and authorize appropriate users, groups, etc., to allow access to system generation including program definition.