CA-ACF2 PSWD GSO record value must be set to limit three consecutive invalid logon attempts by a user during a 15-minute time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-97619 | ACF2-ES-000420 | SV-106723r1_rule | Medium |
| Description |
|---|
| By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account. |
| STIG | Date |
|---|---|
| IBM z/OS ACF2 Security Technical Implementation Guide | 2020-06-29 |
Details
| Check Text ( C-96453r1_chk ) |
|---|
| From the ISPF Command Shell to enter the ACF2 Command Shell enter: ACF Enter: SHOW STATE If "MAXTRY = 3", this is not a finding. |
| Fix Text (F-103295r1_fix) |
|---|
| Configure the GSO option "MAXTRY" to equal "3". |