The CA-ACF2 PSWD GSO record values for MAXTRY and PASSLMT must be properly set.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-223462 | ACF2-ES-000430 | SV-223462r533198_rule | Medium |
| Description |
|---|
| By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. |
| STIG | Date |
|---|---|
| IBM z/OS ACF2 Security Technical Implementation Guide | 2020-10-02 |
Details
| Check Text ( C-25135r500518_chk ) |
|---|
| From an ACF command screen enter: SET CONTROL(GSO) SHOW PSwdopts If "MAXTRY" is set to "3", this is not a finding. If "PASSLMT" is set to "3", this is not a finding. |
| Fix Text (F-25123r500519_fix) |
|---|
| Configure the GSO option "MAXTRY" to equal "3". Configure the GSO option "PASSLMT" to equal "3". |