IDMS must protect against the use web services that do not require a sign on when actions are performed that may be audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251598 | IDMS-DB-000180 | SV-251598r960864_rule | CCI-000166 | low |
| Description | ||||
| IDMS web services provide a way for web-based applications to access an IDMS database. If not secured, the Web services interface could be used to reveal or change sensitive data. | ||||
| STIG | Date | |||
| CA IDMS Security Technical Implementation Guide | 2024-09-13 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
AU-10
1.00
- DISA · V2R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-000166
1.00
- DISA · V2R1 · disa_xccdf · related
Details
Check Text (C-251598r960864_chk)
On the IDMS CV system where CA IDMS Web Services executes, enter "WEBC" to check Web Services configuration.
If "REQUIRE SIGNON = NO", this is a finding.
Fix Text (F-54987r807660_fix)
On the IDMS CV system where CA IDMS Web Services executes, enter "WEBC REQUIRE SIGNON=YES".