IDMS must protect against the use web services that do not require a sign on when actions are performed that may be audited.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| low | V-251598 | SRG-APP-000080-DB-000063 | IDMS-DB-000180 | SV-251598r960864_rule | 2024-09-13 | 2 |
Description
IDMS web services provide a way for web-based applications to access an IDMS database. If not secured, the Web services interface could be used to reveal or change sensitive data.
ℹ️ Check
On the IDMS CV system where CA IDMS Web Services executes, enter "WEBC" to check Web Services configuration.
If "REQUIRE SIGNON = NO", this is a finding.
✔️ Fix
On the IDMS CV system where CA IDMS Web Services executes, enter "WEBC REQUIRE SIGNON=YES".