CA-ACF2 PSWD GSO record value must be set to limit three consecutive invalid logon attempts by a user during a 15-minute time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-223461 | ACF2-ES-000420 | SV-223461r533198_rule | Medium |
| Description |
|---|
| By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account. |
| STIG | Date |
|---|---|
| IBM z/OS ACF2 Security Technical Implementation Guide | 2020-10-02 |
Details
| Check Text ( C-25134r500515_chk ) |
|---|
| From the ISPF Command Shell to enter the ACF2 Command Shell enter: ACF Enter: SHOW STATE If "MAXTRY = 3", this is not a finding. |
| Fix Text (F-25122r500516_fix) |
|---|
| Configure the GSO option "MAXTRY" to equal "3". |